Generation of registration codes, keys and passcodes using non-determinism

ABSTRACT

In an embodiment, a secure module is provided that provides access keys to an unsecured system. In an embodiment, the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment, the access keys are sent to the unsecured system after the receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. In an embodiments, a registration code is generated using non-determinism. In an embodiments, a key is generated using non-determinism. Each of these embodiments may be used separately.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a is a continuation-in-part of U.S. patent application Ser. No. 11/131,652, entitled, “Method of Generating Access Keys” filed May 17, 2005 now U.S. Pat. No. 7,979,716, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/106,930, entitled, “API For a System Having a Passcode Authenticator” filed Apr. 14, 2005 now U.S. Pat. No. 7,707,622, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/106,183, entitled, “Interfacing With a System That Includes a Passcode Authenticator” filed Apr. 13, 2005 now U.S. Pat. No. 7,702,911, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/104,357, entitled, “System For Generating Requests For Access To a Passcode Protected Entity” filed Apr. 12, 2005 now U.S. Pat. No. 7,886,155, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/104,343, entitled, “Generating Requests For Access To a Passcode Protected Entity” filed Apr. 11, 2005 now abandoned, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/102,407, entitled “System For Handling Requests For Access To a Passcode Protected Entity” filed Apr. 7, 2005 now abandoned, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/100,803, entitled, “Determining Whether to Grant Access to a Passcode Protected System,” filed Apr. 6, 2005 now U.S. Pat. No. 7,669,236, which in turn claims priority benefit of U.S. Provisional Patent Application No. 60/637,536, entitled “Secure Keys,” filed Dec. 20, 2004 and claims priority benefit of U.S. Provisional Patent Application No. 60/646,463, entitled “Passcode Generator” filed Jan. 24, 2005; this application is a continuation-in-part of U.S. patent application Ser. No. 11/100,803, entitled “Determining Whether To Grant Access To a Passcode Protected System” filed Apr. 6, 2005; which is incorporated herein by reference; this application also claims priority benefit of U.S. Provisional Patent Application No. 60/637,536, entitled “Secure Keys” filed Dec. 20, 2004, and this application claims priority benefit of U.S. Provisional Patent Application No. 60/646,463, filed Jan. 24, 2005. All of the above applications are incorporated herein by reference. This application incorporates herein by reference U.S. Provisional Patent Application No. 60/629,868, filed Nov. 18, 2004. This application also incorporates herein by reference U.S. Provisional Patent Application No. 60/631,199, filed Nov. 26, 2004. This application also incorporates herein by reference U.S. patent application Ser. No. 10/778,503, filed Feb. 15, 2004. This application also incorporates herein by reference U.S. patent application Ser. No. 10/889,237, filed Jul. 11, 2004.

FIELD

The specification generally relates to a security system.

BRIEF DESCRIPTION

In the following drawings like reference numbers are used to refer to like elements. Although the following figures depict various examples of the invention, the invention is not limited to the examples depicted in the figures.

FIG. 1A shows a block diagram of an example of a system for maintaining the security of a secure entity.

FIG. 1B shows a block diagram of an example of the system of FIG. 1A.

FIG. 1C shows a block diagram of an example of the system of FIG. 1A.

FIG. 2A shows a block diagram of an example of the system of FIG. 1A.

FIG. 2B shows a block diagram of an example of computer system, which may be used as any of the system of FIG. 2A and/or for any of the blocks in FIGS. 1A-C.

FIG. 3A shows an example of a passcode device.

FIG. 3B shows an example of a passcode device.

FIG. 4 shows an example of a passcode device.

FIG. 5A shows an example of the system of FIG. 1A.

FIG. 5B shows an example of the system of FIG. 1A.

FIG. 6 shows a block diagram of a circuit of an example of a passcode device.

FIG. 7 shows a flowchart of an example of a method for setting up a passcode device for use by a particular user.

FIG. 8 shows a flowchart of an example of a method of requesting access to a secure entity.

FIG. 9 shows a flowchart of an example of a method of handling a request for access to a secure entity.

FIG. 10 shows a flowchart of an example of a method for carrying out one of the steps of FIG. 9.

FIG. 11 shows a flowchart of an example of a method for setting up part of a system so that a user may access a secure entity.

FIGS. 12A and 12B show a flowchart of an example of a method for handling a request for access to a secure entity.

FIG. 13 shows a flowchart of an example of a method of installing a part of the system of FIG. 1A.

FIG. 14 shows a flowchart of an example of a method for assembling the passcode device.

FIG. 15 shows a block diagram of a system for encrypting and decrypting items.

FIG. 16 shows a block diagram of an example of an unsecured system, which may be used in the system of FIG. 1.

FIG. 17 shows a block diagram of an example of the memory of FIG. 2.

FIG. 18 shows an example of an embodiment of a secure system.

FIG. 19 shows an example of a secure module.

FIG. 20 shows an example of a secure module.

FIG. 21 shows an example of a secure module.

FIG. 22 shows a flowchart of an example of a method for assembling a secure module.

FIG. 23 shows a flowchart of an example of a method of setting up the system of FIG. 1.

FIG. 24 shows a flowchart of an example of a method for encrypting or decrypting data.

FIG. 25 shows an example of a hardware diagram.

FIG. 26 shows an example of a lock mechanism.

FIG. 26A shows an example of a lock mechanism.

FIG. 26B shows an example of a lock mechanism.

FIG. 26C shows an example of a lock mechanism.

FIG. 27 shows an example of a lock shaft current generator.

FIG. 28 shows an example of a magnetic current generator.

FIG. 29 shows an overview of a padlock.

FIG. 30 shows an example of a threaded lock cylinder in the locked state.

FIG. 30A shows an example of a locked threaded lock cylinder in the locked state with a motor.

FIG. 31 shows an example of a threaded lock cylinder in the unlocked state.

FIG. 31A shows an example of a threaded lock cylinder in the unlocked state with a motor.

FIG. 32 shows the side views of a threaded lock cylinder.

FIG. 33 shows an example of a cam lock mechanism.

This invention can be used with any of the embodiments described in the Appendix. In embodiments described in the appendix, registration codes, passcode generators and keys are generated or derived from user information. In some embodiments, the user information is biometric data. This biometric data acquired during setup (enrollment) provides a useful source of information for generating large, unpredictable keys, registration codes, passcode generators and other codes. As an example, in one embodiment using a fingerprint sensor, we estimate that Biogy's biometric flash drive can extract over 30,000 bits of entropy per image acquired and during a typical setup (enrollment) over 100,000 bits of entropy. Other kinds of biometrics using optics or other biometrics such as the iris, human ear, or DNA may be capable of generating substantially higher amounts of entropy.

These large amounts of entropy are attainable without using deterministic random (pseudo) number algorithm generators (See [Knuth98]). The methods in some embodiments, presented here, use the non-determinism from the biometrics that depends on a number of different factors in the environment, biometric sensor acquisition system and the person's unique characteristics. These factors include at least: air temperature, humidity, barometric pressure, the unique physical characteristics of the biometric sensor, the configuration of the sensor in its hardware system, the placement and orientation of the sensor, the person's unique physical characteristics which are dependent on the person's recent diet, moisture on that part of their body, their sleep habits and the interaction of their physical characteristics with other factors in the environment.

In embodiments where the biometric sensor uses optics, there are additional factors that can enhance the quality of the non-determinism: Background light in the environment, 3-D orientation of the person's physical biometrics, skin or other organ pigment, reflectance and transmission characteristics of their skin or other parts of their body, the physical characteristics of the optical sensor and the quantum nature of optical phenomena.

In some embodiments, there may not be a biometric sensor available, which generates substantial entropy locally on the device. Here, the word “device” may refer to a mobile phone, a chip inside the mobile phone, a computer, a chip inside a computer, a flash drive, a USB security token, a portable security token with battery but no USB plug, an ATM device at a store, a GPS device, a credit card, or a smart card chip.

The creation of the registration code and passcode generator(s) can be enhanced using true randomness (quantum phenomena) or real unpredictability derived from a physical process inside the device that is generating the registration code or keys and updating the passcode generator. In some embodiments, this randomness is generated from a physical process inside the chip. In other embodiments, there may be a separate part of hardware or group of hardware components on the device that generate randomness or unpredictability from a physical process. The physical process that helps generate the unpredictability may be dependent on heat, light, sound, moisture, conductance, density, gravity, acceleration, quantum phenomena, or a combination of these physical phenomena. Quantum phenomena may use photons, radioactive decay, electron spin, or other phenomena covered by the theory of quantum mechanics.

In some embodiments, an additional layer of security can be applied. For example, there might be a chance of modeling the physical process in the device. In this case, when non-deterministic information ρ is generated in analog form by a physical process in the device, than an analog-to-digital converter α can be applied first to ρ i.e. α(ρ), followed by a one-way function Φ, that is Φ(α(ρ)). In some cases, the information obtained from the physical process may be in components ρ₁, ρ₂, . . . , ρ_(n) and then a one-way function may be applied to the components: Φ(α(ρ₁)), Φ(α(ρ₂)), . . . , Φ(α(ρ_(n))). One or more of these components may be used to generate the registration code(s), passcode generator(s) or key(s). In the case where ρ may already be generated in a digital format by the physical process—for example, up or down with respect to electron spin—then a one-way function Φ may be applied directly to ρ i.e. Φ(ρ)

In some embodiments, one or more of the components may enhance the one-way function application. For example, as an embodiment, let μ=Φ(α(ρ₂)) modulo δ. Then a registration code R or key K could be generated as R=Φ^(μ)(ρ₁) or K=Φ^(μ)(ρ_(n)). In some embodiments that also have a biometric acquisition system, the non-deterministic information ρ may be combined with the biometric information β using one or more one-way function application. For example, K=Φ(ρβ) which means concatenate ρ and β and then apply Φ. In another embodiment, one may compute R=Φ(Φ(ρ)Φ(β)). As still another alternative embodiment compute μ=Φ(β) modulo δ, followed by R=Φ^(μ)(ρ) or K=Φ^(μ)(ρ).

In light of the RSA SecurID breach [WSJ_(—)11], the embodiments, presented here, have the advantages of DECENTRALIZATION and NON-DETERMINISM, which substantially increases the quality of the security provided in a cybersecurity system across many applications and embodiments: securing financial transactions; securing critical infrastructure such as the electrical grid; securing private networks such as SPIRNet (see the Wikipedia entry on SPIRNet for more information); or securing physical objects and infrastructure such as autos, trucks, farm machinery, cranes, ships, airplanes, jets, tanks, safes, houses, hotels, hospitals, office buildings, military bases, satellites, power plants, manufacturing plants, mines and stadiums that offer entertainment (football, soccer, music, etc.)

A.) DECENTRALIZATION. Generation of the registration code and passcode generators and use of all user credentials is decentralized in the embodiments presented here. The purpose of the decentralization is to force the hackers to compromise these cybersecurity system embodiments one device at a time. This is far more expensive, far more difficult and far more time consuming. This decentralization also helps protect the privacy of the person who owns the device. Furthermore, this decentralization also reduces the possibility of one hacker(s) breach, enabling the hacker(s) to have unauthorized access across the whole world or across the entire security system.

The embodiments disclosed here are superior to the prior art such as RSA SecurID and others, because compromising these cybersecurity embodiments requires hackers breaking into one physical device (e.g. mobile phone, USB token, etc) at a time. At the time of the RSA SecurID breach [WSJ_(—)11], there were an estimated 40 million SecurID devices being used by corporations and institutions across the world.

B.) NON-DETERMINISM. In the prior art, some cybersecurity systems generate keys, seeds, codes and other important information that must remain secret based on random number generator algorithms i.e. deterministic algorithms. To put this into perspective, we quote Donald Knuth on his description of deterministic random number algorithms from pages 3 and 4 of [Knuth98]. “How can a sequence generated in such a way be random, since each number is completely determined by its predecessor? The answer is that the sequence isn't random, but it appears to be . . . . Sequences generated in a deterministic way such as this are often called pseudorandom or quasirandom sequences in the highbrow technical literature, but in most places in this book we shall simply call them random sequences, with the understanding that they only appear to be random. Being ‘apparently random’ is perhaps all that can be said about any random sequence anyway.”

In the RSA SecurID breach, RSA stored their seeds on the internal RSA network i.e. a centralized system that generated the RSA SecurID seeds. As a result of hackers breaking into the RSA network, reverse engineering the RSA SecurID deterministic algorithms and gaining access to how the seeds are deterministically generated and populated into the RSA SecurID devices, the hackers were able to breach RSA SecurID security devices across the world. Furthermore, hackers were able to break into defense contractors, compromise the largest banks in the world and steal money from large payment and transaction providers.

The inferior methods in the prior art—that rely on deterministic algorithms to generate seeds, keys, codes and other items that must remain secret—have a history that goes back to the formal definition of the Turing machine [Turing36]. The deterministic algorithm approach—to generate seeds, keys and codes—continued to develop with register machine implementations until our current time. A typical register machine embodiment is an algorithm executed on an Intel Pentium processor or a processor chip based on the ARM instruction set. (See the Wikipedia article on ARM architecture and the ARM Holdings website for more information).

[Knuth_(—)98]. Donald Knuth. The Art of Computer Programming. Volume 2. Seminumerical Algorithms. Third Edition. Addison-Wesley, 1998.

[Turing_(—)36]. Alan M. Turing. On computable numbers, with an application to the Entscheidungsproblem. Proc. London Math. Soc. Series 2 42 (Parts 3 and 4), 230{265 (1936). A correction, ibid. 43, 544{546 (1937).

[WSJ_(—)11]. RSA Makes Security Offer After SecurIDs Breach, Wall Street Journal, Jun. 8, 2011.

APPENDIX Cross-Reference to Related Applications

This application is a continuation-in-part of U.S. patent application Ser. No. 11/106,930, entitled, “API For a System Having a Passcode Authenticator” filed Apr. 14, 2005, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/106,183, entitled, “Interfacing With a System That Includes a Passcode Authenticator” filed Apr. 13, 2005, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/104,357, entitled, “System For Generating Requests For Access To a Passcode Protected Entity” filed Apr. 12, 2005, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/104,343, entitled, “Generating Requests For Access To a Passcode Protected Entity” filed Apr. 11, 2005, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/102,407, entitled “System For Handling Requests For Access To a Passcode Protected Entity” filed Apr. 7, 2005, which in turn is a continuation-in-part of U.S. patent application Ser. No. 11/100,803, entitled, “Determining Whether to Grant Access to a Passcode Protected System,” filed Apr. 6, 2005, which in turn claims priority benefit of U.S. Provisional Patent Application No. 60/637,536, entitled “Secure Keys,” filed Dec. 20, 2004 and claims priority benefit of U.S. Provisional Patent Application No. 60/646,463, entitled “Passcode Generator” filed Jan. 24, 2005; this application is a continuation-in-part of U.S. patent application Ser. No. 11/100,803, entitled “Determining Whether To Grant Access To a Passcode Protected System” filed Apr. 6, 2005; which is incorporated herein by reference; this application also claims priority benefit of U.S. Provisional Patent Application No. 60/637,536, entitled “Secure Keys” filed Dec. 20, 2004, and this application claims priority benefit of U.S. Provisional Patent Application No. 60/646,463, filed Jan. 24, 2005. All of the above applications are incorporated herein by reference. This application incorporates herein by reference U.S. Provisional Patent Application No. 60/629,868, filed Nov. 18, 2004. This application also incorporates herein by reference U.S. Provisional Patent Application No. 60/631,199, filed Nov. 26, 2004. This application also incorporates herein by reference U.S. patent application Ser. No. 10/778,503, filed Feb. 15, 2004. This application also incorporates herein by reference U.S. patent application Ser. No. 10/889,237, filed Jul. 11, 2004.

FIELD

The specification generally relates to a security access system.

BACKGROUND

The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subjection matter in the background section merely represents different approaches, which in and of themselves may also be inventions, and various problems, which may have been first recognized by the inventor.

In many applications a password is required to grant access to a system or authorize a transaction. Today many users have so many different passwords that it is difficult to remember them. In other cases, a password can be stolen by a thief, making passwords susceptible to fraud.

In typical cryptographic systems, one or more encryption keys are created on the sender's computer or device and are used to transmit an encrypted message to another computer or device. The receiver also has one or more encryption keys to decrypt the message. Typical encryption keys have a length of 128 bits, 256 bits, 512 bits, or larger. Since most people are incapable of remembering an encryption key this long, these encryption keys are stored on a computer or other device that often requires a shorter, less secure, password to access. This creates a situation, where the password is often much easier to obtain than the encryption keys. Furthermore, many operating systems have many security flaws, so often a sophisticated intruder does not have to obtain the password. The intruder can gain access to the computer containing the encryption keys, and the cryptographic system's security is compromised.

It is possible to scan fingerprints into computers, rather than enter a password, to access computers. However, such systems are unsecure, because the fingerprints, or derived fingerprint information, can be captured by an intruder. Consequently, the security of the whole system is compromised.

Some embodiments relate generally to locking devices. In some cases electronic lock devices. Presently, many different types of electronic locks are used to secure safes, vaults, doors, autos and motorcycles. U.S. Pat. Nos. 5,170,431 and 5,893,283 disclose locks having electromechanical locking systems. Some devices combine the electromechanical locking device with an electronic combination system, U.S. Pat. Nos. 5,451,934 5,488,350 and 5,488,660. Improvements on these lock devices have self-contained power generation systems, such as U.S. Pat. No. 5,870,914 and a power conservation system such as U.S. Pat. No. 5,896,026. Similarly, U.S. Pat. No. 5,617,082 uses an electronic lock device having a microprocessor, battery power, and a keypad input.

While U.S. Pat. No. 6,401,501 addresses many limitations with the previous electronic lock designs, it still requires an access code. U.S. Pat. No. 6,401,501 is technically still a traditional mechanical lock. The design in U.S. Pat. No. 6,401,501 still requires a person to either remember his or her access code or carry a key.

Up to this point in time, all mechanical locks have required a key, a combination number, or an access code. FPALM is the first portable mechanical lock to replace a key, combination, or access code with a fingerprint sensor. FPALM is also the first portable electronic lock with a built-in self-sustaining power supply.

Up until FPALM, application No. 60/488,611, all mechanical locks required a key, a combination number, or an access code. FPALM II makes some implementation improvements to FPALM: in some products, a motor is preferable over a solenoid to open and close a lock because the motor costs less, and consumes less power. Further, FPALM II adds some additional ways of prolonging the power supply, when applied to portable products.

Overall, aside from FPALM, FPALM II is the first mechanical lock to replace a key, combination, or access code with a fingerprint sensor. FPALM II is also the first portable electronic lock capable of using a built-in self-sustaining power supply.

BRIEF DESCRIPTION

In the following drawings like reference numbers are used to refer to like elements. Although the following figures depict various examples of the invention, the invention is not limited to the examples depicted in the figures.

FIG. 1A shows a block diagram of an example of a system for maintaining the security of a secure entity.

FIG. 1B shows a block diagram of an example of the system of FIG. 1A.

FIG. 1C shows a block diagram of an example of the system of FIG. 1A.

FIG. 2A shows a block diagram of an example of the system of FIG. 1A.

FIG. 2B shows a block diagram of an example of computer system, which may be used as any of the system of FIG. 2A and/or for any of the blocks in FIGS. 1A-C.

FIG. 3A shows an example of a passcode device.

FIG. 3B shows an example of a passcode device.

FIG. 4 shows an example of a passcode device.

FIG. 5A shows an example of the system of FIG. 1A.

FIG. 5B shows an example of the system of FIG. 1A.

FIG. 6 shows a block diagram of a circuit of an example of a passcode device.

FIG. 7 shows a flowchart of an example of a method for setting up a passcode device for use by a particular user.

FIG. 8 shows a flowchart of an example of a method of requesting access to a secure entity.

FIG. 9 shows a flowchart of an example of a method of handling a request for access to a secure entity.

FIG. 10 shows a flowchart of an example of a method for carrying out one of the steps of FIG. 9.

FIG. 11 shows a flowchart of an example of a method for setting up part of a system so that a user may access a secure entity.

FIGS. 12A and 12B show a flowchart of an example of a method for handling a request for access to a secure entity.

FIG. 13 shows a flowchart of an example of a method of installing a part of the system of FIG. 1A.

FIG. 14 shows a flowchart of an example of a method for assembling the passcode device.

FIG. 15 shows a block diagram of a system for encrypting and decrypting items.

FIG. 16 shows a block diagram of an example of an unsecured system, which may be used in the system of FIG. 1.

FIG. 17 shows a block diagram of an example of the memory of FIG. 2.

FIG. 18 shows an example of an embodiment of a secure system.

FIG. 19 shows an example of a secure module.

FIG. 20 shows an example of a secure module.

FIG. 21 shows an example of a secure module.

FIG. 22 shows a flowchart of an example of a method for assembling a secure module.

FIG. 23 shows a flowchart of an example of a method of setting up the system of FIG. 1.

FIG. 24 shows a flowchart of an example of a method for encrypting or decrypting data.

FIG. 25 shows an example of a hardware diagram.

FIG. 26 shows an example of a lock mechanism.

FIG. 26A shows an example of a lock mechanism.

FIG. 26B shows an example of a lock mechanism.

FIG. 26C shows an example of a lock mechanism.

FIG. 27 shows an example of a lock shaft current generator.

FIG. 28 shows an example of a magnetic current generator.

FIG. 29 shows an overview of a padlock.

FIG. 30 shows an example of a threaded lock cylinder in the locked state.

FIG. 30A shows an example of a locked threaded lock cylinder in the locked state with a motor.

FIG. 31 shows an example of a threaded lock cylinder in the unlocked

FIG. 31A shows an example of a threaded lock cylinder in the unlocked state with a motor.

FIG. 32 shows the side views of a threaded lock cylinder.

FIG. 33 shows an example of a cam lock mechanism.

DETAILED DESCRIPTION

Although various embodiments of the invention may have been motivated by various deficiencies with the prior art, which may be discussed or alluded to in one or more places in the specification, the embodiments of the invention do not necessarily address any of these deficiencies. In other words, different embodiments of the invention may address different deficiencies that may be discussed in the specification. Some embodiments may only partially address some deficiencies that may be discussed in the specification, and some embodiments may not address any of these deficiencies.

In general, at the beginning of the discussion of each of FIGS. 1A-6, 15-21, and 25-33 is a brief description of each element, which may have no more than the name of each of the elements in the one of FIGS. 1A-6, 15-21, and 25-33 that is being discussed. After the brief description of each element, each element is further discussed. In some of FIGS. 1A-6, 15-21, and 25-33 the further discussion of each element is usually in the numerical order of the elements. In some of FIGS. 1A-6, 15-21, and 25-33 the further discussion of each element discusses a group of the elements together. In some of FIGS. 1A-6, 15-21, and 25-33 after the further discussion of each element, there is a discussion of how all the elements cooperate with one another. In general, each of FIGS. 1A-33 is discussed in numerical order and the elements within FIGS. 1A-33 are also usually discussed in numerical order to facilitate easily locating the discussion of a particular element. Nonetheless, there is no one location where all of the information of any element of FIGS. 1A-33 is necessarily located. Unique information about any particular element or any other aspect of any of FIGS. 1A-33 may be found in, or implied by, any part of the specification.

FIG. 1A is a block diagram of an example of a system 100. System 100 includes a passcode device 101, an administrator 102, and a secure entity 103. In other embodiments system 100 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above. Protecting the security of an entity by using passcodes is disclosed. A passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator.

System 100 is an example of a system in which the security of a secure entity is kept by requiring a user to submit a passcode (e.g., a password) in order to gain access to the secure entity. The term “user” refers to someone that has access to passcode device 101. The user may use passcode device 101 to gain access to a secure entity. Any sequence of bits (which may represent any string of symbols) may be used as a passcode. In some cases, the passcode may be directly transmitted without human intervention to the administrator, so the sequence of bits may not have a visual display in standard formats such as ASCII, Unicode, and so on. For example, the first sequence of 8 bits in the passcode could in ASCII represent the end of file character, which currently does not have a visual representation. In other embodiments where the passcode is displayed as a sequence of symbols on a graphical display, then the symbols may be chosen from any subset of or combination of alphanumeric, punctuation, picture symbols, math, uppercase, and/or lower case symbols, for example. The choice of alphanumeric symbols may include characters from a multiplicity of languages. An example of an alphanumeric passcode with 8 symbols is 4Rlpa5Wx. An example of a possible passcode with 8 symbols is

. An example with 16 symbols including punctuation and other symbols is &x#W

q61!j$uS_m.

Passcode device 101 may be used for generating passcodes and/or for setting up a new user in system 100. Setting up a new user may include “registering” the new users. Registering a new user refers to the process of adding a new user so that the new user is able to use a system, such as passcode device 101 or system 100. Passcode device 101 may have multiple other uses.

In an embodiment, passcode device 101 generates a new passcode each time a user wants to gain access to the secure entity. In an embodiment, after the passcode is used, the passcode is discarded and is not stored. In an embodiment, after a passcode is used once, the passcode will no longer enable access to the secure entity. In an embodiment, passcode device 101 also acquires and/or stores information about a user that is used for identifying the user. When the user wants to access the secure entity, the user enters at least some identifying information (e.g., a valid fingerprint) into passcode device 101. If passcode device 101 is able to match the identifying information with identifying information stored in passcode device 101, then passcode device 101 generates a passcode, which may be used for gaining entry to a secure entity (e.g., a newly acquired fingerprint may be matched with information derived from earlier acquired fingerprints). The identifying information may be stored in passcode device 101 in association with a user ID. Thus, in this embodiment, each time a user submits identifying information to the passcode device 101, a new one-time passcode is created. An embodiment of the passcode device 101 uses a secure device (as passcode device 101) that produces unique passcodes from the identifying information, and the unique passcodes can be used as one-time passcodes. In an embodiment, for each acquired set of identifying information, the derived passcodes created are unique. In an embodiment in which the passcode may only be used once, the user does not have to remember her passcode. For example, passcode device 101 may generate a new passcode every time a user submits a valid fingerprint. In an embodiment in which a new passcode is generated for each request for access, stealing the passcode is of, at best, limited use, because after the passcode has been used, the passcode is no longer valid.

In other embodiments, passcode device 101 generates a new passcode less frequently than every time a user submits valid identifying information. For example, a new passcode may be generated every other time or on a random schedule, which the user may be unaware of. In an alternative embodiment, the passcode may be used multiple times prior to being discarded. In an alternative embodiment, the passcode is stored for a brief period of time, which may extend beyond the passcodes initial use. The discarding of the passcode may depend upon the number of uses and/or the length of the period of time after the passcode was generated.

In an alternative embodiment, the frequency of repeated passcodes issued to different users is low enough such that it is unlikely that one of two users that have been issued the same passcode will try to access secure entities that only the other of the two is entitled to access. In an embodiment, the frequency of passcodes issued to the same user being repeated is low enough that it is unlikely that the interception of an old passcode will be useful to a hacker. Since the passcode is not stored beyond an expiration time, the passcode itself cannot be stolen accept during the brief period between the time the passcode is generated and the passcode expires. In an embodiment in which the passcode is valid for only one use, the passcode does not need to be stored at all and can only be stolen during the brief period between when the passcode is generated and used. In an embodiment, each time the user enters user information (e.g., a fingerprint) the current passcode is displayed or transmitted (whether or not the current passcode is a one-time passcode), and consequently, the user does not need to remember the passcode.

In an embodiment, a timestamp may be associated with a one-time passcode or other passcode. If the current time is later than the associated timestamp, when the passcode is submitted to an “administrator,” then the passcode has expired, is invalid, and access would be denied. The word administrator is used to refer to an entity that grants or denies access to the secure entity.

There are many types of identifying information that may be stored by passcode device 101, such as fingerprints, a birthday, a favorite number, a social security number, and/or a driver's license, a profile, an image of a face, an iris scan, a toe print, a handprint, and/or a footprint. In an embodiment, the item used to generate the passcodes is any item that is unique. In this specification, using a first item (e.g., a fingerprint) to “generate” a second item (e.g., a passcode) may refer to using the first item to “directly” generate the second item or to “indirectly” generate the second item by, for example, first generating one or more intermediary items from which the second item is ultimately generated. The intermediary items may include a chain of multiple intermediary items that each generated one from another. In an embodiment the item used to generate the passcode is one that is difficult to fabricate, guess, find by trial and error, and/or compute. In an embodiment, the item used to generate the passcodes is uniquely associated with the user. In an embodiment, the item used to generate the passcodes has an unpredictable element to it (e.g., the unpredictable manner in which the patterns of lines in fingerprints differ between fingerprints).

During a registration process identifying information about a new user may be stored in passcode device 101. In an embodiment passcode device 101 includes a secure area for acquiring identifying information, storing the identifying information, and/or information related to, or derived from, the identifying information. The secure area is discussed further in conjunction with FIG. 6. The registration process is discussed further in conjunction with FIGS. 1B, 1C, 8, and 11.

In addition, optionally, the passcode device 101 can be a standalone and/or portable device. It is more difficult for an attacker to gain access to passcode device 101 if passcode device 101 is a standalone device, because there are less opportunities for another device to inspect or otherwise access the contents of passcode device 101 compared to if passcode device 101 is not a standalone device. Additionally, in an embodiment in which passcode device 101 is a standalone device, it is more difficult for an unauthorized entity to steal the identifying information associated with the user than were passcode device 101 not a standalone device.

The portable embodiment enables users to generate one time passcodes in remote places, such as inside an airplane, on an oil tanker, on a ship, in a warehouse with shipping containers using wireless communication, in a satellite, at places at which an AC power source is difficult to access or inaccessible, and/or at other places. More details about various possible embodiments of passcode device 101 are discussed in conjunction with subsequent FIGS. 1B-14.

Administrator 102 receives the requests for access to a secure entity from passcode device 101, and decides how to handle the request. For example, administrator 102 may receive a passcode from passcode device 101 and may cause the passcode to be authenticated. In an embodiment, administrator 102 may check, or cause other entities to check, whether a passcode is derived from one of the registration codes and/or passcode generators stored in the database.

Similar to the passcode, any sequence of bits may be used as a registration code. In some cases, the registration code may be directly transmitted without human intervention to the administrator, so the sequence of bits may not have a visual display in standard formats such as ASCII, Unicode, and so on. For example, the first sequence of 8 bits in the registration code could in ASCII represent the end of file character, which currently does not have a visual representation. In other embodiments where the registration code is displayed as a sequence of symbols on a graphical display, then the symbols may be chosen from any subset or combination of alphanumeric, punctuation, picture symbols, math, upper case, and/or lower case symbols, for example. The symbols that the user may choose from may be any subset or combination of alphanumeric, punctuation, math, upper case, and/or lower case symbols, for example. The choice of alphanumeric symbols may include characters from a multiplicity of languages. An example of a registration code with 16 symbols is 1Ae58GnZbk3T4 pcQ and a registration code with punctuation and other symbols may also be used. An example with 32 symbols is 1!56hs#K♀3_(—)4xP*7:y2iW=K;r.+4vN? There may be at least one unique registration code for each user and/or passcode device 101. The same criterion and/or restrictions apply for both passcodes and registrations codes for determining what sequences of characters are valid.

Administrator 102 may be a human being, software, a computer, an electro-mechanical lock, or other machine that grants a particular user access to its resources and/or enables a particular event (e.g., a financial transaction, or landing a plane at an airport, and so on). Administrator 102 has the capability (e.g., authority) to grant or deny the user, associated with passcode device 101, access to the secure entity. If the passcode is found to be authentic, then administrator 102 grants the user, associated with passcode device 101, access to the secure entity. In an embodiment, the passcode is accepted by administrator 102 only once. In an embodiment, after accepting the passcode, administrator 102 expects a different passcode for the next request.

Several different embodiments are discussed above in conjunction with passcode device 101 that relate to different criterion and/or durations of time for when a passcode is valid. Administrator 102 has a corresponding way of behaving in terms of whether a given passcode is accepted depending on the embodiment. For example, in an embodiment in which the passcode is valid for only a specified number of uses (which may be a relatively small number of uses) instead of being valid for only one use, administrator 102 accepts the passcode as valid for only the specified number of times. In an alternative embodiment, the passcode's validity may be dependent on a time period (which may be relatively short) instead of, or in addition to, being valid for only one or a specified number of uses. As another example, in an embodiment in which the passcode is associated with a timestamp, administrator 102 may deny access for a passcode submitted with an expired timestamp.

In an embodiment, to authenticate a passcode instead of comparing the passcode to a previously received passcode, administrator 102 generates the passcode independently from passcode device 101. Consequently, in this embodiment, instead of storing the actual passcode, administrator 102 stores a method of generating the passcode that is expected to result in the same passcode generated by passcode device 101. In an embodiment, administrator 102 stores and/or uses the same method of generating passcodes that passcode device 101 uses.

In an embodiment in which passcode device 101 and administrator 102 use the same method for generating a passcode, the registration process may involve associating a particular method of generating passcodes with a user and/or passcode device 101. The registration process may involve synchronizing the methods used by passcode device 101 and by administrator 102 so that at a particular attempt to gain access, administrator 102 and passcode device 101 generate the same passcode. The registration process may involve associating a particular registration code (which may also be referred to as a seed) with a particular user and/or passcode device 101. Administrator 102 may be part of the secure entity, a separate entity, and/or may be located in a location that is remote from the secure entity.

Secure entity 103 is the secure entity that the user (which is associated with passcode device 101) desires to access. Secure entity 103 is the entity to which administrator 102 has the capability to determine whether the user is entitled to access. Some examples of secure entities are locks, doors, cars, houses, websites, bank accounts, ATMs, medical records, authorization to perform a financial transaction, or some other type of event that requires security.

The lines connecting passcode device 101, administrator 102, and secure entity 103 represent paths of communication. These lines may represent physical communication lines, wireless communications, sonar communications, verbal communications, and/or other communications. The dashed part of the line connecting passcode device 101 with secure entity 103 indicates the capability of administrator 102 to prevent or allow access to secure entity 103.

Although in FIG. 1A only one passcode device 101, administrator 102, and secure entity 103 are illustrated, there may be a multitude of passcode devices 101 that can access secure entity 103 and each passcode device 101 may be able to access multiple secure entities 103. Similarly, there may be several administrators 102 that are capable of granting access to a particular secure entity 103, and each administrator may be capable of granting access to several secure entities 103. Further, a particular passcode device 101 may have a choice of several administrators 102 via which to gain access to a particular secure entity 103.

FIG. 1B shows one of many possible embodiments of system 100. In the embodiment of FIG. 1B, passcode device 101 includes setup portion 104 and request portion 106. In the embodiment of FIG. 1B, system 100 includes setup 108, request for access 110, reply 112, access to secure device 114, and administrator 102. Administrator 102 may include setup portion 116 and request portion 118. Request portion 118 may include error handler 120. In other embodiments system 100 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

In FIG. 1B, each passcode, denoted as P_(i), is a sequence of bits. Although this specification uses a specific notation, the invention is in no way limited by this notation. Software implementing the methods of this specification may use a notation that is unrelated to the notation used in this specification. Setup portion 104 may be used for registering a new user, configuring passcode device 101, and/or for setting up passcode device 101. Setup portion 104 acquires identification information, T. In an embodiment, setup portion 104 may generate a registration code, which may be denoted as R, for the sake of registering the user with another entity.

In an embodiment, a method, Φ₁ may be used for generating registration code R from the identification information. The method Φ₁ (which may be referred to as a generating method) may be a “one-way” method such as a one-way algorithm, a one-way function, and/or another one-way method. For example, the registration code may be generated according to the equation Φ₁(T)=R. A one-way method, herein denoted Φ₁ (possibly having one or more indices representing different functions associated with different users or applications), has the property that given an output value z, it is computationally extremely difficult to find the input m_(z) such that Φ₁(m_(z))=z. In other words, a one-way method is a method Φ₁ that can be easily computed, but whose inverse Φ₁ ⁻¹ is extremely difficult (e.g., impossible) to compute. One way to quantify the difficulty to compute Φ₁ given an output z, is to use the number of computations that are expected to be required to compute and/or guess Φ₁ For one type of method, it is that it is expected to take between O(2^(n/2)) and O(2^(n)) computational steps to find or guess m_(z), (depending on the how clever the one performing the computations is) where n is the number of bits in the output z. By using a one-way method for computing the registration code, even if the registration code is intercepted or otherwise stolen, it is unlikely that the registration code can be used to discover identifying information T.

One set of methods that may be used are one-way functions in which finding the inverse involves an operation that is mathematically indeterminate, impossible, intractable, or computationally impractical or difficult. For example, one method is to use a collection of step functions each of whose domain and range is [0, 1, 2, . . . 255] and apply a distinct step function to a part of T. The information from T could be used to determine which step functions to select from the collection. If 16 step functions are chosen from the collection, then this would create an output of 128 bits. If n step functions are chosen from the collection, then this would create an output of 8n bits. An alternative to this would be to construct 32 matrices resulting from the step functions and compute the determinant modulo 256 for each of the 32 matrices. This creates a one-way function whose output is 256 bits. As another example, method Φ₁ could involve first representing user information T by a string of digits. Then, each digit of the string of digits could be multiplied by a corresponding digit from another string of digits, where at least one digit of the other string has a value of zero. The inverse of this method would involve at least one division by zero for each multiplication by a digit with the value of zero, which has no inverse, and consequently this method would also be one-way. Similarly, functions for which finding their inverses involves computing a non-convergent series or non-convergent integral are other examples of classes of functions that may be used as one-way functions.

Another class of one-way functions involves computations that cause a loss of information or a discarding of selected pieces of information. Since some of the input information is lost in computing this class of one-way functions, the original input information (e.g., identifying information T) is difficult and may be impossible to recover. For example, a one-way function may be constructed by first performing a randomizing operation such as discarding random bits of information from the input, adding random bits of information to the input, and/or performing another randomizing operation to the input, and then another function may be applied to the information retained. Similarly, the same randomizing operations may be performed on the output of the function.

In an embodiment, a one-way hash function is used as method Φ₁. A hash function is one that accepts as its input argument an arbitrarily long string of bits (or bytes) and produces a fixed-size output. In other words, a hash function maps a variable length input m to a fixed-sized output, Φ₁(m). Typical output sizes range from 128 to 512 bits, but can also be larger. An ideal hash function is a function Φ₁ whose output is uniformly distributed in the following way. For example, suppose the output size of Φ₁ is n bits. If the input m is chosen randomly, then for each of the 2_(n) possible outputs z, the probability that Φ₁(m)=z is 2^(−n). This is a definition of an ideal hash function.

A real hash function with output size n bits should have the property that the probability of each of its 2^(n) possible outputs can be compared against the ideal probability of 2^(−n). The chi-square function on n−1 degrees of freedom is a useful way to measure the quality of a real hash function. One uses a chi-square on n−1 degrees because there are n bits of output. And then one can compute a confidence level that the real hash function is close to an ideal hash function. Some typical confidence levels could be 90%, 95%, 99%, 99.5% and 99.999% depending on the level of security desired. In an embodiment, the hash functions that are used are one-way. Other types of one-way functions or methods may be used in place of a hash function. In an embodiment, the hash functions that are used are one-way. Other types of one-way functions or methods may be used in place of a hash function.

Any of a number of hash functions may be used for Φ₁. One possible hash function is SHA-256, designed by the National Security Agency and standardized by the NIST, [NIST_STANDARDS_(—)1995]. The output size of SHA-256 is 256 bits. Other alternative hash functions are of the type that conforms to the standard SHA-1, which produces output values of 160 bits, and SHA-512, which produces output values of 512 bits, [NIST_STANDARDS_(—)2001].

There are different methods that Φ₁ may be used for hashing fingerprints and other kinds of input. As an alternative to biometric data, other types of input could be used. For example, the input to a hashing function could be a sequence of symbols such as a passcode or a registration code (that is different from the passcode or registration code that is produced). Different types of methods of hashing are appropriate for different sizes of codes, and different types of fingerprint information that is passed to the hash function. One method is to take two different fingerprints and apply the hash function SHA-256 to each print. For ease of explanation, denote the hash function SHA-256 as Φ₁. Each application of Φ₁ to a fingerprint produces an output value of 256 bits. With two fingerprints, these bits are concatenated together to create a 512-bit code, which may be called C.

Another method for Φ₁ uses two different sections S and T of a single acquired fingerprint, and produce a 512-bit code, C, by concatenating Φ₁(S) and Φ₁(T). An enhancement of this method can be used to create codes larger than 512-bits. Divide one acquired fingerprint into n sections: S₁, S₂, . . . , S_(n). Then concatenate the bits Φ₁(S₁), Φ₁(S₂), . . . , Φ₁(S_(n)). This creates a code C that is 256n bits in length. For example, if the acquired fingerprint is divided into 10 sections, then this method would create a code with 2,560 bits. Any of the methods used as one-way functions for generating registration code R may also be used for generating passcodes or may be used at any of the other places in this application where a one-way function is useful. In another embodiment, method Φ₁ could be a random number generator.

Setup portion 104 uses registration code R and a method Φ₂, which may be a one-way function, to generate an initial passcode generator G₁. Initial passcode generator G₁ may be used for generating an initial passcode. A passcode generator, also known as a seed, can be a string of characters or other form of a code similar to registration code R or a passcode. Passcode generators may be stored securely by administrator 102 for use in verifying a passcode that is submitted by passcode device 101. The initial passcode generator G₁ may be generated according to the equation Φ₂(R)=G₁. Method Φ₂ (which also may be referred to as a generating method) may be the same as, or different from, method Φ₁.

Using passcode generators, such as G₁, enables the identification of a person without having access to the user's identifying data, such as the user's biometric data (e.g., fingerprints) or social security number or other identifying data. For example, some citizens and organizations are concerned about the government and other institutions storing a person's biometric data. Using a passcode generator, such as G₁, an institution can identify a person with a unique registration or passcode, which is derived from his or her fingerprint, other biometric data, and/or other authentication data.

Request portion 106 requests access to a secure device. In an embodiment, request portion 106 generates a passcode, which may be used for requesting access to a secure entity. For example, request portion may use a method, Φ₃, and a generator, G_(i), for generating a passcode P_(i). Method Φ₃ may be a one-way method such as a one way function, similar to method Φ₂. Method Φ₃ (which may be referred to as a generating method) may be the same as or different from methods Φ₁ and/or Φ₂. For example, request portion 106 may compute a passcode using the equation, Φ₃(G_(i))=P_(i). The index i is used to indicate the ith passcode P_(i), which in an embodiment is generated by the ith request for a passcode. In an embodiment, each passcode, P_(i), is generated by using a different generator G_(i). In an embodiment, each new generator, G_(i+1), may be generated from a prior generator, G_(i), using a method f, according to the equation, f(G_(i))=G_(i+1), for example.

In embodiments that use a graphical (e.g. LCD) display for the registration code and/or passcode, the function Φ₃ may be equal to D∘Φ where D is a display function and Φ is, for example, a one-way hash function. An example of a display function D, entitled code_to_alphanumeric_no_lO, may be implemented in the C programming language as follows:

// Returns a, b, c, d, e, f, g, h, i, j, k, m, n, o, p, q, r, s, t, u, v, w, x, y, z, 0, 1, 2, 3, 4 // 5, 6, 7, 8, 9, A, B, C, D, E, F, G, H, I, J, K, L, M, N, P, Q, R, S, T, U, V, X, Y, Z, // // Does not return little ‘l’ and capital ‘O’ : 60 distinct symbols UNSIGN_8_BITS convert_alphanumeric_no_lO(UNSIGN_8_BITS c) {  int val = c % 60;  if (val < 11) return (‘a’ + val);  else if (val < 25) return (‘m’ + (val − 11) );  else if (val < 35) return (‘0’ + (val − 25));  else if (val < 49) return (‘A’ + (val − 35) );  else return (‘P’ + (val − 49) ); } int code_to_alphanumeric_no_lO(UNSIGN_8_BITS* p_alphanumeric, int length,              UNSIGN_8_BITS* p_code) {  int k;  for(k = 0; k < length; k++)  {   p_alphanumeric[k] = convert_alphanumeric_no_lO( p_code[k] );  }  return 0; }

In general, the output of Φ₃(G_(i)) is a sequence of bytes and each of these bytes may be a value ranging from 0 to 255. In embodiments where there is a graphical display of the registration and/or passcode, the display function D is helpful because some byte values have a graphical output that is difficult to read by a user, (letter O versus the number 0), unreadable such as an end of file character, or a character that is difficult for a person to reliably describe, such as ‘&’, which some people do not know is called an ampersand. The primary purpose of the display function D is to convert unreadable or difficult-to-read byte values to readable byte values.

Setup 108, request for access 110, reply 112, and access to secure device 114 are different forms of communications in which passcode device 101 participates. Setup 108, request for access 110, and reply 112 are embodiments of the communications represented by the lines connecting passcode device 101, administrator 102, and secure entity 103 in FIG. 18. In an embodiment, passcode device 101 may send registration code R to another entity, when sending setup 108. In an embodiment, passcode device 101 sends a user ID U with the registration code R to another entity or elsewhere as part of setup 108. Alternatively, passcode device 101 receives the user ID U from the other entity or from elsewhere. Request access 110 is a request for access to secure device 103. Request 110 may include sending passcode P_(i), for example. In an embodiment, user ID U is also sent as part of request 110.

Reply 112 is a reply to request 110. Reply 112 may include a grant or a denial of request 110 for access to secure entity 103. In an embodiment, administrator 102 receives registration codes R from passcode device 101 as part of setup 108, and receives requests for access to a secure device from passcode device 101, as part of request 110. In an embodiment, administrator 102 may also grant or deny access to a user associated with passcode device 101, as part of reply 112. Access to secure device 114 are communications between passcode device 101 and secure entity 103. Access to secure entity 114 can be blocked from occurring or allowed to occur by administrator 102.

Administrator 102 includes setup portion 116, which uses registration code R received from passcode device 101, to generate the initial passcode generator G₁. In alternative embodiments, setup portion 116 may be located outside of administrator 102. Since administrator 102 may service several passcode devices 101 and/or several users, user ID U may be used to associate a registration code R, the generators G_(i), and the passcodes generated with a passcode device 101 and/or a user U, which may be written as R_(U) and G_(Ui), respectively. In this notation, the index U distinguishes the registration code R_(U) and generator G_(U1) of user U from the registration code and generators of other users. Registration code R_(U) denotes registration code R after having been associated with user U at the administrator's side.

Since administrator 102 may need to authenticate the passcode submitted by passcode device 101, administrator 102 may need to generate the same set of passcodes as passcode device 101 in order to perform the authentication. Administrator 102 may generate the passcodes generated by passcode device 101 by using the same methods (e.g., one-way functions such as one-way hash functions or random number generators) and generators as used by passcode device 101. Consequently, administrator 102 uses method Φ_(U2) to generate an initial passcode generator G_(U1). Method Φ_(U2) may be the same for all U as long as the registration codes R_(U) are different for each of the U's. In an embodiment, methods Φ_(U2) are in general different for each U. If methods Φ_(U2) are different, then the R_(U)'s do not need to necessarily be different so long as the resulting passcodes for different users are in general different. The passcodes of different users can be different if methods Φ_(U3) or passcode generators G_(Ui) are different for different users, while the G_(Ui)'s will be different for different users if methods Φ_(U2) and/or R_(U) are different.

Similar to passcode device 101, administrator 102 may generate the initial passcode generator G_(U1) according to the equation Φ_(U2)(R_(U))=G_(U1). In an embodiment, for a given authorized user U, Φ_(U2), R_(U), and G_(U1) are the same as Φ₂, R, and G₁.

Administrator 102 also includes request portion 118. In alternative embodiments, request portion may be located outside of administrator 102. For example, request portion 118 may be stored and executed on a system having a database that stores information being accessed. Request portion 118 receives, via request 110, passcode P_(i) and user ID U from request portion 106 of passcode device 101. Database 122 may be part of administrator 102, as illustrated in FIG. 1B, or may be located elsewhere. Database 122 may store current passcode generators and/or other user information. In an embodiment, based on user ID U, request portion 118 receives a passcode generator from database 122, and generates a passcode that is compared with the passcode P_(i) received from the passcode device. The passcode P_(i) generated is expected to be same passcode that user U sent with the current request if user U is an authorized user.

For example, request portion 118 may use method Φ_(U3) and a passcode generator, G_(Ui), for generating a passcode P_(Ui). Method Φ_(U3) may be the same as or different from method Φ_(U2). For example, request portion 118 computes a passcode using the equation, Φ_(U3)(G_(Ui))=P_(Ui). Each passcode, P_(Ui), is generated by using a different passcode generator G_(Ui). Each new passcode generator, G_(Ui+1), may be generated from a prior passcode generator, G_(Ui), using method f_(U), according to the equation, f_(U)(G_(Ui))=G_(Ui+1), for example. Request portion 118 compares passcode P_(Ui) to passcode P_(i), and if passcode P_(Ui) and passcode P_(i) are the same, authorization to access to secure entity 103 is granted from request portion 118 of administrator 102, via reply 112, to the user associated with passcode device 101.

Methods Φ_(U3) and f_(U) may be the same for all U as long as the passcode generators G_(Ui) and G_(Ui+1) are different. In an embodiment, methods Φ_(U3) and f_(U) are in general different for different U. In an embodiment, for a given authorized user U, Φ_(U3), f_(U), G_(Ui), and G_(Ui+1) are the same as Φ₃, f, G_(i), and G_(i+1), respectively, except that Φ_(U3), G_(Ui), and G_(Ui+1) are generated in association with administrator 102 and Φ₃, f, G_(i), and G_(i+1) are generated at passcode device 101. Setup portion 116 and request portion 118 may be separate portions of code, such as objects, subroutines, functions, and/or methods. Setup portion 116 and request portion 118 may not be separate portions of code, but may be lines of code intermingled with one another and/or other parts of administrator 102.

FIG. 1C shows one embodiment of system 100. In the embodiment of FIG. 1C, passcode device 101 includes setup portion 104 and request portion 106, similar to the embodiment of FIG. 1B. In the embodiment of FIG. 1C, system 100 includes setup 108, request for access 110, reply 112, and administrator 102. Administrator 102 includes API 144, which may include setup API 145, request API 147. Administrator 102 may also include setup portion 156, and request portion 158. As in FIG. 1B, in FIG. 1C system 100 also includes database 160 and secure entity 103. Request portion 158 may include error handler 120. In other embodiments of FIG. 1C, system 100 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Passcode device 101, administrator 102, and secure entity 103 were explained in conjunction with FIG. 1A. Setup portion 104 (of passcode device 101), request portion 106 (of passcode device 101), setup 108, request for access 110, reply 112, and request for access 110 were also explained above in conjunction with FIG. 1B. Setup portion 156, request portion 158, database 160 function in essentially the same manner as setup portion 116, request portion 118, database 122 (FIG. 1B). However, setup portion 156, request portion 158, database 160 are numbered differently from setup portion 116, request portion 118, database 122 (FIG. 1B), because their locations in FIG. 1C are different than in FIG. 1B, and consequently their operations may have differences that relate to their different locations.

In some applications (e.g., an electronic lock for a car), system 100 may not need a database, because the amount of information being stored is relatively small. Other applications, such as accessing a bank account, may have many users and may require the storing of information associated with system 100 in a database. Some institutions may not mind establishing a new database for storing information associated with system 100 when installing system 100. However, other institutions, such as banks, may already use one or more databases. Institutions that already have at least one database may not be interested in maintaining another separate database for the user information associated with system 100, and may prefer to store the user information associated with system 100 in their current database. API 144, setup API 145, and/or request API 147 may communicate with a database for storing and retrieving user information.

To explain API 144, in an embodiment, API 144 is located within administrator 102, and communicates with passcode device 101 and database 160. In an embodiment in which administrator 102 is a human (and in other embodiments), API 144 may be external to the rest of administrator 102. Setup API 145 is the interface through which the user, passcode device 101, or a human administrator setup and/or register new user. Request API 147 is the interface through which a user, passcode device 101, or a human administrator request access to secure entity 103. Setup API 145 and request API 147 may share the same fields for entering data or may use different fields. Similarly, setup API 145 and request API 147 may not be distinct modules, but may be different portions of code within administrator 102 and/or API 144 and may be parts of the same module. Alternatively, the lines of code that make setup API 145 and request API 147 may be intermingled with one another, and/or with the rest of administrator 102. Setup API 145 and request API 147 may be any combination of hardware and software. The software portion of setup API 145 and request API 147 (if present) may be written using any of a number of scripts and/or computer languages such as PHP, JSP, a web interface that calls JavaScript routines, C, Perl, TCL, Pascal, and/or Basic.

In an embodiment, setup API 145 and request API 147 may be capable of handling both clients that prefer to use pre-existing database, such as database 160, and those that prefer to use a newly established database, facilitating a quick integration of system 100 into a pre-existing system and thereby reducing the financial costs of integration. In an alternative embodiment, a different setup API 145 and/or request API 147 are used depending upon whether the customer intends on using their own database or allowing administrator 102 to setup a database.

To explain setup API 145 in conjunction with setup portion 156, setup API 145 may cause user information, such as passcode generators G_(Ui) to be stored in database 160. Setup API 145 may cause methods Φ_(U2) and/or Φ_(U3) to be stored within administrator 102 for use by setup portion 156. Methods Φ_(U2), Φ_(U3), and/or f_(U) may also be stored within administrator 102 for use by setup portion 156.

Request portion 158 may contain proprietary executable code that receives a passcode from request API 147. Request portion 158 may determine whether passcode P_(i) is valid or not.

Regarding database 160, database 160 may have existed prior to the installation of system 100, and may store a variety of different types of information, some of which may have not had any relationship to granting access to the secure entity 103. When configuring system 100 or when setting up a new user, if database 160 already exists and already has a records for the user of interest, system 100 may add a field to the record for a user ID U and for a passcode generator G_(Ui). In an alternative embodiment, database 160 is within administrator 102, and is installed with and/or after administrator 102.

Putting together the above discussion of API 144, setup portion 156 and request portion 158, and database 160, a registration code R may be based upon (e.g., copied from or received as) output from passcode device 101 and optionally may also be based on other user information that is entered into the setup API 145. Setup API 145 calls setup portion 156 and passes registration code R as an argument, where registration code R is received by setup portion 156.

In an embodiment, setup portion 156 determines if registration code R is valid, and sends a valid or invalid message back to setup API 145. The determination of whether registration code R is valid may be a determination as to whether registration code R fits a particular format. If administrator 102 stores a copy of the user information from which registration code was derived, then the determination as to whether registration code is valid may include generating the registration code at registration portion 156, comparing the generated registration code with the received registration code. Determining whether registration code R is valid may involve verifying that the user associated with registration code R exists, determining whether user ID U is valid, and/or verifying other user information that registration portion 156 has access to. Determining whether registration code R is valid may involve administrator 102 sending a communication to passcode device 101 or the associated user confirming that the registration code was sent. If valid, the setup API 145 also sends a passcode generator G_(Ui) (generated from registration code R) and may optionally send other user information, such as the user ID U, to database 160.

When a user would like to access secure entity 103, a passcode P_(i) is entered into, transmitted to, and/or received by request API 147 based on output from passcode device 101. Request API 147 calls request portion 158, using passcode P_(i) as an argument. User ID U may be encoded within passcode P_(i), and request portion 158 may extract user ID U from passcode P_(i). Request portion 158 may return user ID U to request API 147. If passcode P_(i) is invalid, request portion 158 may return an invalid user ID U. Alternatively, instead of request portion 158 extracting the user ID U from passcode P_(i), the user may enter user ID U into request API 147, or request API 147 may receive user ID U from passcode device 101.

Administrator 102 uses user ID U as a database index for the purpose of retrieving passcode generator G_(Ui) from the database 160. If user ID U is an invalid index, then administrator 102 sends an invalid message to request API 147. If user ID U is a valid index, then the administrator 102 sends passcode generator G_(Ui) to request API 147. Request API 147 calls request portion 158, and sends two arguments, passcode P_(i) and passcode generator G_(Ui), which are received by request portion 158. Request portion 158 determines whether passcode P_(i) and passcode generator G_(Ui) match. If passcode P_(i) and passcode G_(Ui) match, then request portion 158 returns a valid message and the updated passcode generator G_(Ui+1)=f(G_(Ui)) to the request API 147. Administrator 102 stores passcode generator G_(i) or an updated version of passcode generator G_(Ui+1) in database 160, such that passcode generator G_(i) or its updated version is indexed by user ID U. However, if passcode P_(i) and passcode generator G_(Ui) do not match, the request portion 158 returns an invalid message to request API 147. Then request API 147 may send an invalid message to the user U, a human administrator, and/or passcode device 101.

FIG. 2 shows an example of an embodiment of a secure system 200. Secure system 200 includes passcode device 202, computer 204 having input system 206 and output system 208. Secure system 200 also includes system 210, network 212, system 214, system 216, system 218, and system 220. In other embodiments secure system 200 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Secure system 200 illustrates some of the variations of the manners of implementing system 100. Passcode device 202 is one embodiment of passcode device 101. Passcode device 202 is capable of being plugged into and communicating with computer 204 or with other systems via computer 204. Passcode device 202 also may communicate wirelessly with computer 204. A user may use input system 206 and output system 208 to communicate with passcode device 101.

Computer 204 is directly connected to system 210, and is connected, via network 212, to system 214, system 216, and system 218, which is connected to system 220. Network 212 may be any one or any combination of one or more Local Area Networks (LANs), Wide Area Networks (WANs), wireless networks, telephones networks, and/or other networks. System 218 may be directly connected to system 220 or connected via a LAN to system 220. Administrator 102 may be any of, a part of any of, or any combination of any of computer 204, system 210, network 212, system 214, system 216, system 218, and/or system 220. Secure entity 103 and may be any of, a part of any of, or any combination of any of system 210, network 212, system 214, system 216, system 218, and/or system 220. For example, administrator 102 may be located on system 214, and secure entity 103 may be located on system 216. As another example, administrator 102 may be located on computer 204, and secure entity 103 may be located on system 210, 214, system 216, system 218, system 220, and/or network 212. As yet another example, administrator 102 and secure entity 103 may both be located on system 216 or may both be located on system 210. As another example, system 218 may be administrator 102, and system 220 may include secure entity 103.

FIG. 2B shows a block diagram of a computer system 250 used in system 100. Computer system 250 may include output system 252, input system 254, memory system 256, processor system 258, communications system 262, and input/output device 264. In other embodiments, computer system 250 may not include all of the components listed above or include other components in addition to and/or instead of those listed above.

Computer system 250 is an example of a system that may be used for any one of, any combination of, or all of computer 204, system 210, system 214, system 216, system 218, and/or system 220.

Output system 252 may include any one of, some of, any combination of, or all of a monitor system, a handheld display system, a printer system, a speaker system, a connection or interface system to a sound system, an interface system to peripheral devices and/or a connection and/or interface system to a computer system, an intranet, and/or an internet, for example.

Input system 254 may include any one of, some of, any combination of, or all of a keyboard system, a mouse system, a track ball system, a track pad system, buttons on a handheld system, a scanner system, a microphone system, a connection to a sound system, and/or a connection and/or interface system to a computer system, intranet, and/or internet (e.g., IrDA, USB), for example.

Memory system 256 may include, for example, any one of, some of, any combination of, or all of a long term storage system, such as a hard drive; a short term storage system, such as random access memory; a removable storage system, such as a floppy drive, jump drive or other removable drive; and/or flash memory. Memory system 256 may include one or more machine-readable mediums that may store a variety of different types of information.

The term machine-readable medium is used to refer to any medium capable of carrying information that is readable by a machine. One example of a machine-readable medium is a computer-readable medium. Another example of a machine-readable medium is paper having holes that are detected that trigger different mechanical, electrical, and/or logic responses. For example, embedded software is stored on a machine-readable medium. Software versions of any of the components of FIGS. 1A-C may be stored on machine-readable mediums.

Processor system 258 may include any one of, some of, any combination of, or all of multiple parallel processors, a single processor, a system of processors having one or more central processors, and/or one or more specialized processors dedicated to specific tasks.

Communications system 262 communicatively links output system 252, input system 254, memory system 256, processor system 258, and/or input/output system 264 to each other. Communications system 262 may include machine-readable media such as any one of, some of, any combination of, or all of electrical cables, fiber optic cables, long term and/or short term storage (e.g., for sharing data) and/or means of sending signals through air (e.g., wireless communications), for example. Some examples of means of sending signals through air include systems for transmitting electromagnetic waves such as infrared and/or radio waves and/or systems for sending sound waves.

Input/output system 264 may include devices that have the dual function as input and output devices. For example, input/output system 264 may include one or more touch sensitive display screens, which display an image and therefore are an output device and accept input when the screens are pressed by a finger or stylus, for example. The touch sensitive screens may be sensitive to heat and/or pressure. One or more of the input/output devices may be sensitive to a voltage or current produced by a stylus, for example. Input/output system 264 is optional, and may be used in addition to or in place of output system 252 and/or input device 254.

FIG. 3A shows one example of a passcode device 202. Passcode device 202 includes acquisition mechanism 302, cover 304, and interface 306. In other embodiments, passcode device 202 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Acquisition mechanism 302 may be a mechanism of acquiring fingerprints. Cover 304 may be a cover for covering acquisition mechanism 302, and for protecting acquisition mechanism 302 when acquisition mechanism 302 is not in use. Cover 304 may swing open, slide open, and/or snap off and on. Interface 306 is for connecting with an electronic device, such as a computer. Interface 306 may be a USB port, an RS 232 connection, a wireless connection using RFID, a serial port or any of a number of other types of connections.

FIG. 3B shows an example of a passcode device 350. Passcode device 350 includes display 352, acquisition mechanism 354, and cover 356. In other embodiments passcode device 350 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Passcode device 350 is an embodiment of passcode device 101. Passcode device 350 may be used instead of passcode device 202 in FIG. 2A. Display 352 displays passcodes and/or registration numbers. Display 352 is an interface with which the user interacts with passcode device 352, and may be used for transferring the passcode or registration code to an administrator. Passcode device 350 may also include a transmitter for transmitting the passcode or registration code via radio waves, light pulses, and/or sound, for example. Acquisition mechanism 354 maybe for acquiring fingerprints and/or images of other parts of the body of the user. The user may swipe her or his finger over acquisition mechanism 354. In response, display 352 may display a passcode that is only good for one use. The user reads the passcode or registration code and causes the passcode and/or registration code to be submitted to an administrator. Cover 356 slides over the portion of passcode device 350 having acquisition mechanism 354 to protect acquisition mechanism 354 from damage when not in use.

FIG. 4 shows an example of a passcode device 400. Passcode device 400 includes display 402, keypad 404, and acquisition mechanism 406. In other embodiments passcode device 400 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Passcode device 400 is an embodiment of passcode device 101, which may be used instead of passcode device 202 in FIG. 2A. Display 402 may display passcodes, registration numbers, status information, instructions, replies to commands, for example. Passcode device 400 may also include a transmitter for transmitting the passcode or registration code via radio waves, light pulses, and/or sound, for example. Keypad 404 is for entering user information and commands, for example. Acquisition mechanism 406 maybe for acquiring fingerprints and/or images of other parts of the body of the user. Having both keypad 404 and acquisition mechanism 406 allows passcode device 400 to be configured to require that the user enter identifying information, such as social security number and birthday, in addition to the user information acquired via acquisition mechanism 406.

FIG. 5A shows an example of an embodiment of secure system 500. Secure system 500 includes display 502, keypad 504, acquisition mechanism 506, key 508, and car 510. In other embodiments passcode device 500 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Passcode device 500 is an embodiment of passcode device 101. Display 502 may display passcodes, registration numbers, status information, instructions, replies to commands, for example. Keypad 504 is for entering user information and commands, for example. Acquisition mechanism 506 may be for acquiring fingerprints and/or images of other parts of the body of the user. Key 508 may be used as an alternative way of unlocking car 510. The user enters user information via acquisition mechanism 506, and then may choose a particular action or command such as open the driver's door, open all of the doors, open the trunk, lock the driver's door, and/or lock all of the doors.

Any one of, or any combination of, passcode devices 350, 400, and 500 maybe used in place of, or in addition to, passcode device 202 within system 200, for example. Passcode devices 202, 350, 400, and 500 are just a few example of the many embodiments of passcode device 101.

FIG. 5B shows an example of a system 550. System 550 includes at least passcode device 350 and electromechanical lock 552. As in FIG. 3B, passcode device 350 includes display 352, acquisition mechanism 354, and cover 356. In other embodiments passcode device 350 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Passcode device 350 and its components were described in FIG. 3B. In system 550, passcode device 350 opens electromechanical lock 552. In an embodiment, administrator 102 is located within electromechanical lock 552. Passcode device 350 may communicate with electromechanical lock 552 by sending electromagnetic signals that include the passcode to electromechanical lock 552. If the passcode is sent via electromagnetic signals, then display 352 is unnecessary and may not be included. Alternatively, electromechanical lock may include a key pad or other means for manually entering the passcode read off of display 352.

FIG. 6 shows a block diagram of a circuit of an embodiment of the passcode device 101. Passcode device 101 may include passcode circuitry 602, which may include secure area 604, program 605, and user information 606. Passcode device 101 may also include acquisition mechanism 608 and interface 610. In other embodiments circuit 600 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Passcode circuitry 602 generates passcodes P_(i), registration codes R, passcode generators G_(i) or G_(Ui), and communicates with administrator 102. Passcode circuitry 602 authenticates information acquired from the user and decides whether to generate a passcode, based on the information. Passcode circuitry 602 may implement setup portion 104 request portion 106. Passcode circuitry 602 may include a processor chip. Alternatively, passcode circuitry 602 may send instructions to be processed by a processor associated with computer 204 (FIG. 2) and/or include specialized logic circuits for performing specific functions.

Passcode circuitry 602 may execute software instructions or perform similar functions, such as acquiring user information which may include a fingerprint (or other user information) from a sensor, matching acquired user information (e.g., an acquired fingerprint) against a stored user information extracted form other user information (e.g., fingerprint information extracted from a fingerprint), sending communication and control commands to a display, and/or encrypting the registration code R and transmitting the encrypted registration code R to the administrator 102 when the user and administrator 102 are not in the same physical location. By including a processor or an equivalent specialized logic circuit as part of passcode circuitry 602 in passcode device 101 the security is enhanced, because external processors are given fewer chances to inspect the contents of passcode device 101.

Alternatively, passcode circuitry 602 may only store software instructions that are run by an external processor, and the external processor gives instructions to cause the acquisition of user information, the encryption of user information, and/or the generation of the passcode, for example. Alternatively, a specialized logic circuit is included in passcode circuitry 602 that carries out the functions that the software causes the processors to perform. Passcode circuitry 602 may include memory.

Secure area 604 may be a portion of passcode circuitry 602 that uses embedded software. Secure area 604 may be memory that is onboard, or partially onboard, passcode circuitry 602. In some embodiments, the secure area 604 includes at least some memory that is onboard passcode circuitry 602. For example, in an embodiment in which passcode circuitry 602 includes a processor chip, secure area 604 may include cache associated with the process and/or other memory onboard the processor chip. For example, secure area 604 may store fingerprint templates, details of fingerprints, and/or copies of images of fingerprints on secure area 604. Some of secure area 604 may be non-volatile. The use of non-volatile memory enables the device to permanently store code generation information, user information (such as fingerprint information), executable code, and/or registration codes, for example.

In yet another embodiment, user information is used to generate registration code R, passcode generator G_(i), and/or passcodes P_(i) within secure area 604. Secure area 604 may store method f, method Φ₁, method Φ₂, and/or method Φ₃. The use of fingerprints or other user information to create passcodes within secure area 604 or the use of fingerprints or other user information instead of passcodes within a secure area eliminates or reduces the need to memorize and store passcodes in an unsecure system.

Program 605 is executed by passcode circuitry 602. Program 605 may be the embedded software that runs within secure area 604. Program 605 is an example of an executable program that may stored in secure area 604. In an embodiment, there is no operating system on passcode device 101. In an alternative embodiment, there is an operating system. By executing program 605 (e.g., software for handling fingerprints or other user data) in a secure embedded device, the fingerprints are less susceptible to theft; the fingerprints are not transmitted to the unsecure device, nor is there any need to have encrypted templates of the fingerprints transmitted to an unsecure device.

User information 606 may also be stored in secure area 604. User information 606 may include, or may be information derived from, any of the forms for user information and identifying information discussed above (e.g., fingerprints, iris scans, etc.), registration code R, method f, method Φ₁, method Φ₂, and/or method Φ₃, and/or passcode generator G_(i). Storing passcode generator G_(i) in secure area 604 may facilitate quickly generating a one-time passcode, because the user does not need to wait for passcode generator G_(i) to be generated.

The security of the passcode circuitry 602 may be enhanced by any one of, any combination or of, or all of (1) the use of embedded software, such as program 605, (2) the lack of an operating system, and (3) secure area 604 being at least part of a self-contained device not connected to a computer or the interne. For example, the unit that includes secure area 604 may contain its own processor as passcode circuitry 602. In an embodiment, the secure area 604 may not have any of these security enhancing features.

Acquisition mechanism 608 acquires information that is used by passcode circuitry 602 during the process of generating passcodes. Although not necessary, in some embodiments, acquisition mechanism 608 and passcode circuitry 602 could be integrated into a single chip. Alternatively, acquisition mechanism 608 and passcode circuitry 602 may be two separate chips. The user information acquired by acquisition mechanism 608 or user information derived from user information acquired by acquisition mechanism 608 may be stored in secure area 604. Acquisition mechanism 608 may acquire information that is used to identify a user. The information acquired by acquisition mechanism 608 may be used by passcode circuitry 602 for authenticating or identifying a user as a prerequisite for granting a passcode. For example, acquisition mechanism 608 may acquire fingerprints, details of fingerprints, copies of images of fingerprints, and/or other user information. Acquisition mechanism 608 may include a fingerprint sensor that enables passcode device 101 to scan fingerprints. Acquisition mechanism 608 may include a area sensor or a sweep sensor, for example. In an embodiment, acquisition mechanism 608 is capable of acquiring fingerprints and authenticating a newly acquired fingerprint.

In an embodiment, interface 610 is a display, such as display 352 (FIG. 3), display 402 (FIG. 4), and display 502 (FIG. 5A). In another embodiment, interface 610 interfaces with hardware associated with administrator 102 and/or secure entity 103. Passcode circuitry 602 sends instructions and/or other signals, via interface 610 to administrator 102 and/or secure entity 103 or to hardware associated with secure entity 103. Interface 610 may draw power from hardware associated with secure entity 103, which is used to power the operations of passcode device 101. Optionally, for example, interface 610 may be a USB port, serial port, a parallel port, and/or other connection.

FIG. 7 shows a flowchart of and example of a method for setting up passcode device 101. During step 702, identifying information T is acquired by passcode device 101. For example one or more fingerprints, one or more images of the face, one or more images of eyes, or other pieces of identifying information T are acquired. Optionally, information may be extracted from the identifying information. Optionally, identifying information T is also acquired by administrator 102. For example, administrator 102 may be associated with a bank, and the bank may require that the user visit the bank so that the identifying information T (e.g., fingerprints) can be acquired in person. During step 704, one or more unique registration codes R are generated from the one or more of the fingerprints, which may be generated according to the equation Φ₁(T)=R. In an embodiment, during step 704, in the secure area 604 of the passcode device 101, fingerprint information obtained from the user is passed to method Φ₁, which may be a one-way function or another method of encoding that generates a registration code, R.

During step 706, registration code R is securely given to administrator 102. Registration code R is created during step 704, and securely given to administrator 102 during step 706. The registration code R may be given to administrator 102 in the same physical place, such as at a bank, or registration code R may be mailed or electronically transmitted to administrator 102 if the setup is accomplished remotely. In some applications, registration code R may be encrypted first and then electronically transmitted or sent by mail. In the embodiment in which administrator 102 is associated with an entity that has acquired identifying information T, administrator 102 causes the identifying information to be authenticated, thereby verifying that the user is legitimate. Optionally, registration code R is stored and indexed by administrator 102 according to user ID U, as R_(U). Alternatively, even if identifying information T is not collected by administrator 102, other information may be checked to determine the validity of registration code R. For example, other identifying information may be sent with registration code R or the format of registration code R may checked to determine whether registration code R is valid.

During step 708, an initial passcode generator G₁ is created and stored in flash memory, a cache, or other memory of the processor contained in the secure area 604 (FIG. 6) of passcode device 101. Initial passcode generator G₁ may be created according to equation Φ₂(R)=G₁. Initial passcode generator G₁ may then be stored for later use in generating an initial passcode P₁ according to P₁=Φ₃(G₁). During this later use of initial passcode generator G₁ after generating passcode P₁a, passcode P₁ is subsequently transmitted to the host (e.g., administrator 102) for authentication. In this embodiment, passcode P₁ is not stored at passcode device 101, but is created just prior to being used and then discarded just after being used to reduce the chance of passcode P₁ being stolen. In an alternative embodiment, passcode P₁ can generated immediately after generating passcode generator G₁ and then passcode P₁ can also be stored in secure area 604 of the processor to reduce execution time at passcode device 101.

Similarly, at administrator 102, the initial passcode generator G₁ is created and stored. Optionally, as part of storing initial passcode generator G₁, initial passcode generator G₁ is indexed according to a user ID U as G_(U1). Similarly, each subsequent passcode generator G_(i) may be stored and indexed according to user ID U, as G_(Ui). In this embodiment, passcode P₁ is not stored at administrator 102, but is created just prior to being used and then discarded just after being used to reduce the chance of passcode P₁ being stolen. In an alternative embodiment, passcode P₁ can be generated at administrator 102 immediately after generating passcode generator G₁ and then passcode P₁ can also be stored in database 122 or 160 to reduce execution time at administrator 102. In other embodiments, method 700 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally the steps of method 700 may not be distinct steps.

FIG. 8 shows a flowchart of an example of a method 800 of generating a passcode. In step 802, the passcode generator G_(i) is retrieved from a secure area 604 (FIG. 6). In the notation of this specification, if this is the first time passcode device 101 is being used after registration, the index i is equal to 1, passcode generator G_(i) is the initial passcode generator G₁. In step 804, a method Φ₃ is applied to passcode generator G_(i), denoted as Φ₃(G_(i)), to create passcode P_(i). In other words, P_(i)=(G_(i)).

In step 806, the passcode generator G_(i) is changed to a new value G_(i+1), where G_(i+1) is set equal to the new value f(G_(i)). There are an infinite number of functions that f could be. The method f may be referred to as a perturbing method (e.g., a perturbing function). One possible perturbing method f could add Φ₃(G_(i)) to G_(i). Another possible perturbing function could be f(G_(i))=Φ₃(G_(i)+Φ₃(G_(i))). More generally, the perturbing function could be f(G_(i))=Φ(G_(i))*G_(i)) or f(G_(i))=Φ(G_(i)*Φ(G_(i))), where “*” may be any operator. For example, “*” may be binary operators such as +, −, OR, NOR AND, NAND, XOR, NOT(XOR). Another possible perturbing method f could consider passcode generator G_(i) as a number and add 1. Another possible perturbing method f could increase passcode generator G_(i) by 2. Another possible perturbing method f could add 1 to passcode generator G_(i) and permute the order of the symbols in passcode G_(i) using some randomly chosen permutation. Even another possible perturbing method f could add 1 to passcode generator G_(i), and then permute the bits in passcode generator G_(i). Passcode generator G_(i) could be used as a seed for a random number generator, which is used as f to generate G_(i+1). Steps 804 and 806 may be performed concurrently or in any order with respect to one another. Step 806 may be performed at anytime after step 802.

In step 808, a passcode P_(i) (e.g., a one time passcode) is either transmitted to a display or submitted directly to administrator 102. During transmission, in some cases P_(i) can be encrypted for additional security, for example in a wireless transmission. There are many different methods for transmitting the passcode P_(i) to the administrator 102. In one method, passcode P_(i) can be displayed to administrator 102 (e.g. if administrator 102 is a human being or if administrator 102 includes a scanner that can scan the display) when the user is in the same physical location as administrator 102. In a second method, the user may transmit passcode P_(i) over the phone (e.g., via a phone call and human voice or via a modem and an electronic signal). In a third method, the user may submit the passcode P_(i) using the Internet. The user may submit the passcode P_(i) by other electronic means such as a fax machine or an ATM machine. Step 808 may be performed anytime after step 804. Steps 806 and 808 may be performed concurrently or in any order with respect to one another. In other embodiments method 800 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally the steps of method 800 may not be distinct steps.

FIG. 9 shows a flowchart of a method 900 of authenticating a passcode P_(i). Method 900 may be performed in response to step 808 of method 800 (FIG. 8). In step 902, administrator 102 enters or receives passcode P_(i) from the user. In an embodiment in which administrator 102 causes passcode generator G_(i) to be indexed according to user ID U, step 902 may include at least two parts, which are step 904 and 906. In step 904, passcode P_(i) is received, and in step 906 user ID U is received. User ID U and passcode P_(i) may be sent as two separate sequences of bits. Alternatively, user ID U and passcode P_(i) may be sent as one sequence of bits in which user ID U is encoded within passcode P_(i). If User ID is encoded within passcode P_(i), then receiving user ID U includes extracting user ID U from P_(i). In another embodiment, passcode P_(i) and user ID U may be concatenated together or otherwise encoded within the same sequence of bits. Step 906 is optional, and passcode P_(i) may be sent without any user ID.

In step 908, user ID U is associated with a passcode generator G_(Ui), and passcode generator G_(Ui) is retrieved. Alternatively, in an embodiment in which passcode generators G_(i) are not indexed according to user ID U, for example, a set of all possible passcode generators G_(i) may be retrieved. In step 910, for each passcode generator G_(i) in the database, a method Φ₃ is applied to passcode generator G_(i), denoted as Φ₃(G_(i)), and Φ₃(G_(i))=P_(Ui); is compared to passcode P_(i). Alternatively, if the passcode generators are indexed, the passcode generator G_(Ui) that is associated with user ID U, a method Φ₃ is applied to passcode generator G_(Ui), denoted as Φ₃(G_(Ui)), and Φ₃(G_(Ui))=P_(Ui) is compared to passcode P_(i).

In step 912, if the passcode generators are indexed, a decision is made as to whether Φ₃(G_(Ui)) equals passcode P_(i). If the passcode generators are not indexed, a decision is made as to whether there is any Φ₃(G_(i)) that equals passcode P_(i). If Φ₃(G_(Ui)) equals passcode P_(i) or if there is a Φ₃(G_(i)) that equals passcode P_(i), then the passcode P_(i) submitted by the user is valid, method 900 continues with step 914. In step 914, access to secure entity 103 is granted. Next, in step 916, the value stored for the passcode generator is set equal to a new value G_(Ui+1)=f(G_(Ui)) or G_(i+1)=f(G_(i)), where f is a method, which may be one of the infinite number of perturbing methods (e.g., perturbing functions), as discussed above. If the passcode generators G_(i) are not indexed according to user ID, the method f is applied only to the passcode generator that matched the submitted passcode P_(i). After step 916, method 900 terminates.

Returning to step 912, if Φ₃(G_(Ui)) does not equal to P_(i) or if there is no Φ₃(G_(i)) that equals P_(i), then the passcode P_(i) submitted by the user is invalid, method 900 continues with step 918 where access is not granted. After step 918, in optional step 920 a further check is performed to see if P_(i) is valid in case there was a human error. Step 920 is discussed further in conjunction FIG. 10. If step 920 is not included in method 900, then step 918 may also include sending a message to the user that passcode P_(i) is invalid. In other embodiments method 900 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally the steps of method 900 may not be distinct steps.

FIG. 10 shows a flowchart of an example of a method for carrying out step 920 of method 900. In step 1002 an initial trial passcode generator, G_(TUi), is computed according to f(G_(Ui))=G_(TUi). In other words, if the user generated a passcode P_(i), but never submitted passcode P_(i), then the value of passcode generator G_(i) at passcode device 101 will be different from passcode generator G_(Ui) or the set of passcode generators G_(i) at administrator 102. Consequently, one manner for correcting this problem is to advance the value of passcode generator G_(Ui) or of the set of passcode generators G_(i) to that of the next index value of i, which is accomplished by applying the perturbing method to the current value of passcode generator G_(Ui) or of the set of passcode generators G_(i). If the passcode generators are not indexed according to user, then the perturbing method needs to be applied to all of the current values of passcode generator G_(i) to obtain a set of initial trial passcode generators G_(Ti).

Next, in step 1004, for trial passcode generator G_(TUi) or for each trial passcode generator G_(Ti) a trial passcode P_(TUi) or a set of trial passcodes P_(Ti) are generated according to Φ₃(G_(TUi))=P_(TUi) or Φ₃(G_(Ti))=P_(Ti). In step 1006, P_(i) is compared to each of the P_(Ti) or P_(TUi). If passcode P_(TUi) matches passcode P_(i) or if there are any trial passcodes P_(Ti) that match passcode P_(i), then step 920 proceeds to step 1008, where access is granted. As part of step 1008, the value of a trial passcode generator G_(TUi) is updated, and the updated value of trial passcode generator G_(TUi+1) is used to replace passcode generator G_(Ui) or the updated value of trial passcode generator G_(Ti+1) is used to replace the passcode generator of the set of passcode generators G_(i) from which trial passcode generator G_(Ti+1) was generated. After step 1008, step 920 terminates.

Returning to step 1006, if passcode P_(TUi) does not match passcode P_(i) or if there are no trial passcode P_(Ti) that match passcode P_(i), then step 920 proceeds to step 1010, where a determination is made as to whether the maximum number of trials has been reached. In other words, it is possible that the user generated multiple passcodes P_(i) and consequently passcode generator G_(Ui) or one of the set of passcode generators G_(i) associated with administrator 102 may lag the value of passcode generator G_(i) at passcode device 101 by several values of index i. Consequently, step 920 may try several applications of perturbing method f before deciding that passcode P_(i) is invalid. Thus, step 920 may be configured for applying f up until a maximum number of trials. If that maximum has been reached without finding a match, then step 920 proceeds from step 1010 to step 1012, and access is not granted. After step 1012, step 920 terminates.

Returning to step 1010, if the maximum number of trials has not been reached, then step 1010 proceed to step 1014 where the perturbing method f is applied to the trial passcode generator G_(TUi) or trial set of passcode generators G_(Ti) according to f(G_(Ti))=G_(Ti+1) or f(G_(UTi))=G_(UTi+1). Next in step 1016, a new passcode P_(UTi+1) or set of passcodes P_(Ti+1) are generated according to Φ₃(G_(Ti))=P_(Ti+1) or Φ₃(G_(UTi))=P_(UTi+1) After step 1016, step 1006 is repeated. Steps 1006, 1010, 1014, and 1016 are repeated until either the maximum number of trials is reached and access is not granted in step 1012 or until a match trial passcode is found, and access is granted in step 1008. In other embodiments, method 1000 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally the steps of method 1000 may not be distinct steps.

FIG. 11 shows a flowchart of an example of a method 1100 for registering a user. Method 1100 is an embodiment of, or may be used as a replacement for, steps 704 and 706 of method 700. In step 1102, the registration code, and optionally other user information, is entered into, transmitted to, and/or received by setup API 145 (FIG. 1C), based on output from passcode device 101. In response, in step 1104 setup API 145 calls setup portion 156 (FIG. 1C) located in administrator 102 (FIG. 1C), and passes registration code R as an argument to setup portion 156 in administrator 102. In step 1106, setup portion 156 determines whether the registration code R is valid. If setup portion 156 determines that registration code R is invalid, method 1100 proceeds to step 1108. In step 1108, a message is sent to setup API 145 that registration code R is invalid. After step 1108, method 1100 terminates. Returning to step 1106, if setup portion 156 determines that registration code R is valid, method 1100 proceeds to step 1110. In step 1110, setup portion 156 sends a passcode generator G_(Ui) or G_(i) and a message back to setup API 145 that registration code R is valid. Setup portion 156 may also send other information to setup API 145, such as user ID U or other information.

Next, in step 1112, if the registration code R is valid, then setup API 145 transmits arguments, the passcode generator G_(Ui) or G_(i) and optionally user ID U (which may be used as a database index) to database 160. Optionally, other user information may also be sent to database 160. In other embodiments method 1100 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally the steps of method 1100 may not be distinct steps.

FIGS. 12A and 12B show a flowchart of an example of a method 1200 for authenticating a passcode at administrator 102. Method 1200 is an alternative to method 900. In step 1202, a passcode P_(i) is received by request API 147. For example, passcode P_(i) is entered into request API 147 or transmitted to request API 147. In step 1204, administrator 102 retrieves P_(i) from its request API 147. In step 1206, administrator 102 places user ID U in request API 147. In step 1208, request API 147 sends user ID U to database 160. In step 1210, database 160 decides whether user ID U is valid. Database 160 attempts to retrieve passcode generator G_(Ui) or G_(i) by looking up user ID U. Database 160 may discover that user ID U does not exist, and therefore is invalid. If user ID U is invalid, then method 1200 proceeds to step 1212. In step 1212, administrator 102 sends an invalid message to request API 147. After step 1212, method 1200 ends. Returning to step 1210, if user ID U is valid, then method 1200 proceeds to step 1214 where administrator 102 sends passcode generator G_(Ui) to request API 147. Next, in step 1216, request API 147 calls request portion 158, and sends two arguments, passcode P_(i) and passcode generator G_(Ui) to determine whether passcode P_(i) and passcode generator G_(Ui) match.

In step 1218, request portion 158 determines whether passcode P_(i) and passcode generator G_(Ui) match. In general, the output of Φ₃(G_(Ui)) is a sequence of bytes and each of these bytes may be a value ranging from 0 to 255. Thus, P_(i) and G_(Ui) match if P_(i)=Φ₃(G_(Ui)).

Step 1218 may also include applying an error handling routine, such as method 1000 (FIG. 10), prior to concluding that passcode P_(i) and passcode generator G_(Ui) do not match. Thus, a determination that passcode P_(i) and passcode generator G_(Ui) match may involve one or more prior determinations that passcode P_(i) and trial passcode generator G_(UTi) do not match.

If passcode P_(i) and passcode generator G_(Ui) match, then method 1200 proceeds to step 1220. In step 1220 request portion 158 updates G_(Ui) according to f(G_(Ui))=G_(Ui+1), returns the updated passcode generator G_(Ui+1) and a message that passcode P_(i) is valid to request API 147. In step 1222, request API 147 calls administrator 102, and sends a message that passcode P_(i) is valid, and sends the updated passcode generator G_(i+1) as an argument. Optionally, user ID U is also sent to administrator 102. In step 1224, administrator 102 causes updated passcode generator G_(i+1) to be stored in database 160, indexed by user ID U. After step 1224, method 1200 is terminated.

Returning to step 1218, if passcode P_(i) and passcode generator G_(Ui) do not match, the method proceeds to step 1226. In step 1226, the request portion 158 returns an invalid message to request API 147. Next, in step 1228, request API 147 calls administrator 102, and sends a message that passcode P_(i) is invalid. After step 1228, method 1200 terminates. In other embodiments method 1200 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally the steps of method 1200 may not be distinct steps.

FIG. 13 is a flowchart of an example of method of installing system 100. In step 1302 the administrator is installed. For example, administrator 102 may be installed on a computer that is separate from secure entity 103. If the system on which system 100 is being installed has other software, the administrator may be integrated into that software or may be installed as a separate software module. Installing administrator 102 may involve installing setup portion 116 or 156 and request portion 118 or 158: In optional step 1306, an API is installed. In an embodiment, step 1306 may involve installing a request API 147 and a setup API 145. In step 1308, an offer is made to allow the installer to choose whether to use a preexisting database. If the choice of using a preexisting data is chosen, in step 1310 the API is configured to communicate with the database. Step 1310 may involve adding to database 160 a field for storing passcode generators to each user record. Step 1310 may additionally involve adding a field for a user ID U to each user record. For example, database 160 may not have field for user IDs or may use different user IDs than system 100. Of course, database 160 may have two fields for user IDs—one field in a location where system 100 is configured for accessing, and another which system 100 is not configured to access. Alternatively, the database may already have a field for a user ID, and the same user ID is used for system 100. Returning to step 1308, if a choice is made to not use any preexisting database, then in step 1312, a database, a file, part of a file, or part of a database is setup for storing passcode generators, which may be indexed according to a user ID. In an embodiment, the passcode generators are not indexed according to user ID. In other embodiments, method 1300 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally, steps 1302, 1304, 1306, and 1308 may be performed concurrently or in any order with respect to one another. Steps 1310 and 1312 may be performed any time after step 1308, but otherwise may be performed in concurrently or in any order with respect to steps 1302, 1304, and 1306. Additionally the steps of method 1300 may not be distinct steps.

FIG. 14 is a flowchart of an example of a method 1400 for assembling passcode device 101. In step 1402, passcode circuitry 602 (FIG. 6) is assembled, which may include installing onboard memory (e.g., secure area 604). In step 1404, the acquisition mechanism 608 (FIG. 6) is coupled to the passcode circuitry 602. In step 1406, interface 610 (FIG. 6) is coupled to passcode circuitry 602. In step 1408, an embedded program (e.g., program 605) is configured for generating registration codes R, passcode generators G_(i), and passcodes P_(i), and for using the onboard memory for work space and for storing passcode generators. In step 1410, passcode circuitry 602, acquisition mechanism 608, and interface 610 are enclosed within a housing that is small enough to fit within a user's hand (e.g., shorter than a typical pen and no more than a two or three times wider than a typical pen). For example, the housing may be 2 to 6 inches long and less than a half inch in diameter. The passcode device 101 may be of a size that is comparable to a thumb print. In other words, passcode device 101 only need to be large enough to accept user information. In embodiments where the user information is fingerprints, the passcode device 101 could be the size of a portion of a thumb large enough to capture a thumb print during a swipe, for example. In embodiments where acquisition mechanism is a camera, passcode device 101 does not need to be much larger than a small camera. In an embodiment, passcode device 101 is less than 6 inches, less than 2 inches, less than an inch, or less than a centimeter in size. In other embodiments method 1400 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally, the steps of method 1400 may be performed in other orders, may not be distinct steps, and/or many of the may be performed concurrently with one another. Additionally the steps of method 1400 may not be distinct steps.

A particular application of system 100 is a child identity program. System 100 enables the government to identify a child with a unique registration code R or with a passcode P_(i), which is never stored anywhere. For example, the FBI can store a database of registration codes R, but a database intruder would not have access to the biometric data, social security number, or other data of any child. Alternatively, the FBI can store a database of generators G_(i), which change each time a new passcode P_(i) is submitted. Consequently, in addition to the database intruder not having access to the biometric data of any child, the information stolen (passcode generator G_(i)) is of little use to the intruder in identifying the child, because passcode generator G_(i) changes periodically, such as with each legitimate access of the data. Similarly, no authorized FBI employee would have access to the biometric data of any child. Consequently, the passcode generator helps act as a child ID for safety, yet also protects private information about the child.

The present specification incorporates herein by reference, in their entirety National Institute of Standards and Technology, Secure Hash Standard, Apr. 17, 1995. PIPS PUB 180-1, Page 88, and National Institute of Standards and Technology, Secure Hash Standard, (draft) 2001. Draft FIPS PUB 180-2, Page 89.

FIG. 15 shows a block diagram of system 1500 for encrypting and decrypting items. System 1500 includes a secure module 1502 and acquisition mechanism 1504, which includes secure area 1506. Secure area 1506 may include encryption key circuitry 1508 having memory 1510. Memory 1510 may include instructions 1512, which may include instructions for acquire user data 1514, compare user data 1516, and store user data 1518. Memory 1510 may also include user information 1520 and encryption key 1522. Instructions 1512 may also include generate encryption keys 1523. Secure module 1502 may also include interface 1524. System 1500 may also include unsecured system 1526, which runs encryption instructions 1528. In other embodiments system 1500 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Secure module 1502 may include any of a number of systems. In an embodiment, secure module 1502 is configured so that it is difficult to access the inner working of secure module 1502. In other words, secure module 1502 may be configured so that it is difficult to examine and/or alter the contents of any memory within secure module 1502 and/or to send commands to secure module 1502.

Acquisition mechanism 1504 may be a sensor, and may enable secure module 1502 to acquire (e.g., scan in or receive) user data, such as fingerprints, other biometric data, or other user data. For example, if acquisition mechanism 1504 includes a fingerprint sensor, acquisition mechanism 1504 may include an area sensor or a sweep sensor.

Secure area 1506 is a region within secure module 1502 within which various security measures have been implemented. For example, the security of the secure area 1506 may be enhanced by any one of, any combination or of, or all of (1) the use of embedded software, (2) the lack of an operating system, and (3) the secure area being at least part of a self-contained device separate from unsecured system 1526. For example, the unit that includes the secure area 1506 (e.g., secure module 1502) may contain its own processor.

Encryption key circuitry 1508 generates encryption keys and may have other functions. Encryption key circuitry 1508 may include circuitry configured for generating encryption keys or may include a processor configured (e.g., programmed) for generating encryption keys. Encryption key circuitry 1508 may include a combination of a processor and specialized circuitry configured for performing a particular method or computation. Encryption key circuitry 1508 may communicate with acquisition mechanism 1504 and with a host computer. Although not necessary, in some embodiments, acquisition mechanism 1504 and encryption key circuitry 1508 could be integrated into a single chip. Alternatively, acquisition mechanism 1504 and encryption key circuitry 1508 may be in two separate chips. Throughout this specification encryption key circuitry 1508 may be replaced with access key circuitry to obtain different embodiments.

Memory 1510 may be incorporated within encryption key circuitry 1508 and may include volatile and nonvolatile memory. The use of non-volatile memory enables the secure module 1502 to permanently store user information, executable code, and/or encryption keys. In some embodiments, the memory 1510 is on (e.g., “onboard”) encryption key circuitry 1508. Memory 1510 may include embedded instructions that are executed by encryption key circuitry 1508.

Instructions 1512 are stored on memory 1510, and may include embedded instructions executed by encryption key circuitry 1508. Instructions 1512 may be capable of generating passcodes (e.g., a password) based on user data. In this specification the word passcode is generic to the word password in that a passcode can by any code. Through-out this specification, the word passcode may be replaced by the word password to obtain a specific embodiment. The passcodes may be caused to be sent to an unsecured device and/or to be used to authenticate a passcode received from an unsecured device. Instructions 1512 may be capable of generating encryption keys based on user data and/or passcodes based on encryption keys. Instructions 1512 may also be capable of authenticating a set of newly acquired user data (e.g., fingerprints) by comparing the newly acquired user data with stored user information (e.g. stored characteristics of fingerprints).

Acquire user data 1514 may include instructions for acquiring a fingerprint and/or other user data from acquisition mechanism 1504. Compare user data 1516 may include instructions for comparing and/or matching acquired user data with stored user information. Store user information 1518 may include instructions for storing user information acquired by acquire user data 1514 from acquisition mechanism 1504.

User information 1520 may be the user data acquired by acquire user data 1514. Alternatively, user information 1520 may include information derived from the user data acquired using acquire user data 1514. For example, if acquisition mechanism 1504 acquires fingerprints, user information may include information characterizing the fingerprints instead of, or in addition to, the actual fingerprints. User information 1520 may be, or may be based upon, many other types of user data in addition to, or instead of, fingerprints. For example, user information 1520 may include a name, a birthday, a favorite number, a social security number, a driver's license, a profile, an image of a face, an iris scan, a toe print, a handprint, and/or a footprint. In an embodiment, the item used to generate the passcodes is any item that is unique. In an embodiment, the item used to generate the passcode is one that is difficult to fabricate, guess, find by trial and error, and/or compute. In an embodiment, the item used to generate the passcodes is uniquely associated with the user. In an embodiment, the item used to generate the passcodes has an unpredictable element to it (e.g., the unpredictable manner in which the patterns of lines in fingerprints differ between fingerprints).

As explained in U.S. patent application Ser. No. 11/100,803, Ser. No. 11/102,407, Ser. No. 11/104,343, Ser. No. 11/104,357, and Ser. No. 11/106,183, and Ser. No. 11/106,930, any sequence of bits (which may represent any string of symbols) may be used as a passcode. In some cases, the passcode may be directly transmitted to another system without human intervention, and therefore the sequence of bits may not have a visual display in standard formats such as ASCII, Unicode, and so on. For example, the first sequence of 8 bits in the passcode could, in ASCII, represent the end of file character, which currently does not have a visual representation. In other embodiments where the passcode is displayed as a sequence of symbols on a graphical display, the symbols may be chosen from any subset of, or combination of, alphanumeric symbols, punctuation symbols, picture symbols, math symbols, upper case symbols, and/or lower case symbols, for example. The choice of alphanumeric symbols may include characters from a multiplicity of languages. An example of an alphanumeric passcode with 8 symbols 4R1pa5Wx. An example of a possible passcode with 8 symbols is

. An example with 16 symbols including punctuation and other symbols is

&x#W

q61!j$uS_m.

Encryption keys 1522 may include one or more encryption keys, which are codes (sequences of bits or symbols) that are used for generating passcodes. Encryption keys 1522 may be used by an encryption algorithm to encrypt and/or decrypt data. In this specification, encryption keys 1522 may also be represented by the symbol K_(d). Encryption keys 1522 may be stored on secure module 1502. Encryption keys 1522 may be stored in the internal memory (e.g., memory 1510) of encryption key circuitry 1508. One or more fingerprint images and/or other user data may be used to determine values for encryption keys 1522. Using user information 1520 to create encryption keys 1522 helps ensure that the encryption key of each user is unique. Encryption keys 1522 may be used as seed values for an encryption method that is implemented on an unsecured system. In another embodiment, encryption keys 1522 are not used as seed values, but are just an access code, which may be referred to as an access key, for a method or other entity associated with the unsecured system.

Encryption keys 1522 may be used as the registration code and/or the passcode generator of U.S. patent application Ser. No. 11/100,803, Ser. No. 11/102,407, Ser. No. 11/104,343, Ser. No. 11/104,357, Ser. No. 11/106,183, and Ser. No. 11/106,930. Thus, similar to the passcode, any sequence of bits or sequence of symbols may be used as one of encryption keys 1522. In some cases, encryption keys 1522 may be directly transmitted without human intervention, and consequently the sequence of bits may not have a visual display in standard formats such as ASCII, Unicode, and so on. For example, the first sequence of 8 bits in one of encryption keys 1522 could, in ASCII, represent the end of file character, which currently does not have a visual representation. In other embodiments where the encryption keys 1522 are displayed as a sequence of symbols on a graphical display, the symbols may be chosen from any subset of or combination of alphanumeric symbols, punctuation symbols, picture symbols, math symbols, upper case symbols, and/or lower case symbols, for example. The choice of alphanumeric symbols may include characters from a multiplicity of languages. An example of an encryption key with 16 symbols is 1Ae58GnZbk3T4 pcQ, and an encryption key with punctuation and other symbols may also be used. An example with 32 symbols is 1!56hs#K♀3_(—)4xP*7:y2iW=K;r.+4vN?. There may be at least one encryption key for each user, secure module 1502, and/or unsecured system 1526. The same criterion and/or restrictions may be used for both passcodes and encryption keys 1522 for determining what sequences of characters are valid. Throughout this specification encryption keys may be replaced with access keys to obtain different embodiments. Each of encryption keys 1522 may have different parts stored in different locations within memory 1510.

Generate encryption keys 1523 is a method for generating encryption keys 1522 using user information 1520. Although in FIG. 15 generate encryption keys 1523 is depicted as separate from instructions 1512, generate encryption keys 1523 may be included within instructions 1512. Generate encryption keys 1523 may implement a method that uses user information 1520 as a seed for generating encryption keys 1522.

Generate encryption keys 1523 may be a “one-way” method, which is a method for which finding an inverse or for which finding the input based on the output is expected to be difficult or intractable. Throughout this specification generate encryption keys 1523 may be replaced with instructions for generating access keys to obtain a different embodiment. Stated differently, a one-way method Φ has the property that given an output value z, it is not possible or computationally extremely difficult to find an input (e.g., message) mz such that Φ(mz)=z. For some one-way functions, it could take over 10³⁰ years of computer processor execution time to compute Φ⁻¹(z). In other words, a one-way method Φ is a method that can be easily computed, but that has an inverse Φ⁻¹ that is extremely difficult (e.g., impossible) to compute. One manner of quantifying the difficulty of finding m_(z) (given an output z) is to use the number of computations that are expected to be required to compute and/or guess m_(z). For one type of method, it is expected to take between O(2^(n/2)) and O(2^(n)) (e.g. between 2^(n/2) and 2^(n)) computational steps to find or guess m_(z), (depending on the how clever the one performing the computations is), where n is the number of bits in the output z. The method Φ (which may be referred to as a generating method) may be a one-way algorithm, a one-way function, and/or another one-way method. By using a one-way method for computing encryption keys 1522, even if one of encryption keys 1522 is intercepted, stolen, or otherwise obtained, it is unlikely that the encryption key can be used to discover user information 1520 or (if user information 1520 was derived from user data) used to discover the user data from which user information 1520 was derived.

One set of methods that may be used are one-way methods in which finding the inverse involves an operation that is mathematically indeterminate, impossible, intractable, computationally impractical, or computationally difficult. For example, one method is to use a collection of step functions each of whose domain and range is [0, 1, 2, . . . 255] and apply a distinct one of the step functions to a part of user information 1520. User information 1520 could be used to determine which step functions to select from the collection. If 16 step functions are chosen from the collection, then this would create an output having 128 bits. If n step functions are chosen from the collection, then this would create an output of 8n bits. An alternative to selecting the step function would be to construct 32 matrices resulting from the step functions and compute the determinant modulo 256 for each of the 32 matrices. This creates a one-way method whose output is 256 bits.

As another example, one-way method Φ could involve first representing user information 1520 by a string of digits. Then, each digit of the string of digits could be multiplied by a corresponding digit from another string of digits, where at least one digit of the other string has a value of zero. The inverse of this method would involve at least one division by zero for each multiplication by a digit with the value of zero, which has no inverse, and consequently this method would also be one-way. Similarly, functions for which finding their inverses involves computing a non-convergent series or non-convergent integral are other examples of classes of functions that may be used as one-way methods.

Another class of one-way methods involves computations that cause a loss of information or a discarding of selected pieces of information. Since some of the input information is lost in computing this class of one-way methods, the original input information (e.g., user information 1520) is difficult and may be impossible to recover. For example, a one-way method may be constructed by first performing a randomizing operation such as discarding random bits of information from the input, adding random bits of information to the input, and/or performing another randomizing operation to the input, and then another method (e.g., function) may be applied to the information retained. Similarly, the same randomizing operations may be performed on the output of the one-way method.

In an embodiment, generate encryption key 1523 includes a hash function. A “hash function,” denoted Φ, is a function that accepts as its input argument an arbitrarily long string of bits (or bytes) and produces a fixed-size output. In other words, a hash function maps a variable length input m to a fixed-sized output, Φ(m). Typical output sizes range from 128 to 512 bits, but can also be larger or smaller. An ideal hash function is a function Φ whose output is “uniformly distributed.” In other words, suppose the output size of Φ is n bits. If the message m is chosen randomly, then for each of the 2^(n) possible outputs for z, the probability that Φ(m)=z is 2^(−n). In an embodiment, the hash functions used in generate encryption key 1523 are one-way.

In contrast to an ideal hash function, if the input m is chosen randomly, then for each of the 2^(n) possible outputs for z, the probability that Φ(m)=z is a value P, which is compared to 2^(−n). In an embodiment, the hash function is designed so that P is relatively close to 2^(−n). How close P is to 2^(−n) is a measure of the quality of the hash function. The chi-square function on n−1 degrees of freedom is a useful way to measure the quality of a real hash function. One uses a chi-square on n−1 degrees, because there are n bits of output. A confidence level that the real hash function is close to an ideal hash function (or has a certain quality) can be computed based on the chi-square function. Some typical confidence levels could be at least 90%, at least 95%, at least 99%, at least 99.5%, at least 99.999%, or greater depending on the level of security desired. In an embodiment, these confidence levels may represent a confidence that at least 2^(n/100) to 2^(n) computations are required to find the inverse of the hash function. In another embodiment, the above confidence levels represent a confidence that at least 2^(n/2) to 2^(n) computations are required to find the inverse of the hash function. In an embodiment, these confidence levels may represent a confidence that at least 2^(log(n)) to 2^(n) computations are required to find the inverse of the hash function. In an embodiment, these confidence levels may represent a confidence that at least 0.9(2^(n)) to 2^(n) computations are required to find the inverse of the hash function. In an embodiment, the hash functions that are used are one-way. Other types of one-way functions or methods may be used in place of a hash function.

Any of a number of hash functions may be used for one-way method Φ. One possible hash function is SHA-256, designed by the National Security Agency and standardized by the NIST, [NIST_STANDARDS_(—)1995], which is incorporated herein by reference. The output size of SHA-256 is 256 bits. Other examples of alternative hash functions are of those that are of the type that conforms to the standard SHA-1, which produces output values of 160 bits, and SHA-512, which produces output values of 512 bits, see [NIST_STANDARDS_(—)2001], which is incorporated herein by reference.

There are different methods that may be used for hashing user information 1520, such as fingerprints. Different types of methods of hashing user information 1520 are appropriate for different sizes of encryption keys, and different types of user information 1520 that may be passed to the hash function. One method is to take two different pieces of user information 1520 (e.g., two fingerprints) and apply the hash function SHA-256 to each piece of user information 1520. For ease of explanation, denote the hash function SHA-256 as Φ₁. Each application of Φ₁ to user information 1520 produces an output value of 256 bits. With two pieces of user information 1520, (e.g., two fingerprints), these bits are concatenated together to create a 512-bit encryption key, called K_(d). Another method is to use two different sections S and T of a single acquired set of pieces of user data (e.g., two sections of one fingerprint), and produce a 512-bit encryption key, K_(a), by concatenating Φ₁(S) and Φ₁(T). An enhancement of this method can be used to create encryption keys larger than 512-bits. Divide one acquired piece of user information 1520 (e.g., one fingerprint) into n sections: S₁, S₂, . . . , S_(n). Then concatenate the bits Φ₁(S₁), Φ₁(S₂), . . . , Φ₁(S_(n)). This creates an encryption key K_(d) that is 256n bits in length. For example, if user information 1520 is divided into 10 sections, then this method would create an encryption key with 2,560 bits.

Another embodiment is to use two different parts of user information, denoted S1 and S2, apply a one-way function Φ to each part of the finger print information to form fingerprint information that has the same length as each of the parts. For example, let the symbol ⊕ denote the exclusive-or function i.e. as a binary operator on bits 0⊕0=1⊕1=0 and 1⊕0=0⊕1=1. ⊕ is extended coordinate-wise to strings of bits; as an example, if A=0011 and B=0101, then A⊕B=0110. In an embodiment, a one-way function Φ is applied to each part and then take an exclusive-or, ⊕, of the two results. In other words, the encryption key is K_(d)=Φ(S1)⊕Φ(S2). If Φ has an output size of m bits, then K_(d) has a size of m bits. A similar process could be performed using other operators in place of an exclusive-or to create an encryption key K_(d) having a size of m bits.

Similarly, to create a larger key, start with 2n pieces of user information, S₁, S₂, . . . , S_(2n). Create n different m-bit keys, k₁, k₂, . . . k_(n) where k₁=Φ(S₁)⊕Φ(S₂), k₂=(S₃)⊕Φ(S₄), k₃=Φ(S₄)⊕Φ(S₅), . . . , kn=Φ(S_(2n−1))⊕Φ(S_(2n)). Then create the key K_(d) by concatenating these n keys; in other words, K_(d)=k₁, k₂ k₃ . . . k_(n). Thus, K_(d) has a size of mn bits, where the output of one-way function Φ is m bits. If Φ=Φ₁ (i.e. SHA-256), then K_(d) has a size of 256n bits. A similar process could be performed using other operators in place of an exclusive-or to create an encryption key K_(d) having a size of mn bits.

Hash functions are discussed in [NIST_STANDARDS_(—)1995] National Institute of Standards and Technology, Secure Hash Standard, Apr. 17, 1995, FIPS PUB 180-1, [e.g., Page 88] and in [NIST_STANDARDS_(—)2001] National Institute of Standards and Technology, Secure Hash Standard, (draft) 2001, Draft FIPS PUB 180-2, [e.g., Page 89], which are each incorporated herein by reference. Hash functions are also discussed in U.S. patent application Ser. No. 11/100,803, Ser. No. 11/102,407, Ser. No. 11/104,343, Ser. No. 11/104,357, and Ser. No. 11/106,183, and Ser. No. 11/106,930.

Although instructions 1512, user information 1520, encryption keys 1522 and generate encryption keys 1523 are depicted as contiguous blocks within memory 1510, they may be stored in locations that are interdispersed amongst each other. Similarly, although instructions for acquire user data 1514, compare user data 1516, and store user data 1518 are depicted as separate blocks within instructions 1512, they may be stored in locations that are inter-dispersed amongst each other. Also, although instructions for acquire user data 1514, compare user data 1516, store user data 1518, and generate encryption keys 1523 are depicted at contiguous blocks, they may be lines of codes that are inter-dispersed amongst one another, and may not be separate program units.

Interface system 1524 is used to communicate with unsecured system 1526. Interface system 1524 may be any one of and/or any combination of a USB port, an RS 232 connection, a wireless connection (e.g., using RFID), a serial port, and/or any of a number of other types of connections.

Unsecured system 1526 may be a host computer, encryption device, or other machine that is used for encrypting data. The word “host” refers to a laptop, desktop, other type of computer, or possibly another electronic device. Unsecured system 1526 may be a single module or a large system having many components. Unsecured system 1526 is referred to as “unsecured” only because, in an embodiment, no steps are necessarily taken to secure unsecured system 1526. However, unsecured system 1526 may have been secured, and may have any combination of security safeguards protecting it. For example, unsecured system 1526 may require entry of a passcode and/or any type of user data (e.g., any of the user data upon which user information 1520 may be based) prior to entry. Alternatively, unsecured system 1526 may have no security features.

Encryption instructions 1528 may be executed by unsecured system 1526, and may be instructions that perform encryption. Encryption instructions 1528 may require receipt of one of encryption keys 1522 to perform the encryption. Encryption instructions 1528 may generate a passcode based on encryption keys 1522. Alternatively, unsecured system 1526 may receive the new passcode from secure module 1502 in response to providing the prior passcode that was stored on unsecured system 1526. Throughout this specification, other embodiments may be obtained by replacing encryption instructions 1528 with instructions to perform a task, and replace any discussion of encryption instruction 1528 performing encryption or decryption with the instructions performing that task.

As an example of one embodiment, secure module 1502 is a USB internal device, which is a secure device having at least a USB connection for interface 1524, internal memory for memory 1510, fingerprint sensor for acquisition mechanism 1504, and a processor for encryption key circuitry 1508. In an embodiment, this device does not run an operating system. All fingerprint data or user information 1520 is acquired and stored on the USB internal device.

FIG. 16 shows a block diagram of an example of an unsecured system 1600, which may be used in system 1500. Unsecured system 1600 may include output system 1602, input system 1604, memory system 1606, processor system 1608, communications system 1612, and input/output device 1614. In other embodiments, unsecured system 1600 may not include all of the components listed above or include other components in addition to, and/or instead of, those listed above.

Output system 1602 may include any one of, some of, any combination of, or all of a monitor system, a handheld display system, a printer system, a speaker system, a connection or interface system to a sound system, an interface system to peripheral devices and/or a connection and/or interface system to a computer system, an intranet, and/or an internet, for example.

Input system 1604 may include any one of, some of, any combination of, or all of a keyboard system (e.g., an encryption keyboard), a mouse system, a track ball system, a track pad system, buttons on a handheld system, a scanner system, a microphone system, a connection to a sound system, and/or a connection and/or interface system to a computer system, intranet, and/or interne (e.g., IrDA, USB), for example.

Memory system 1606 may include, for example, any one of, some of, any combination of, or all of a long term storage system, such as a hard drive; a short term storage system, such as random access memory; a removable storage system, such as a floppy drive, jump drive or other removable drive; and/or flash memory. Memory system 1606 may include one or more machine-readable mediums that may store a variety of different types of information.

The term machine-readable medium is used to refer to any medium capable carrying information that is readable by a machine. One example of a machine-readable medium is a computer-readable medium. Another example of a machine-readable medium is paper having holes that are detected and trigger different mechanical, electrical, and/or logic responses. For example, embedded software is stored on a machine-readable medium. The term machine-readable medium also includes mediums that carry information while the information is in transit from one location to another, such as copper wire, air, water, and/or optical fiber. Software versions of any of the components of FIGS. 15-21 may be stored on machine-readable mediums.

Processor system 1608 may include any one of, some of, any combination of, or all of multiple parallel processors, a single processor, a system of processors having one or more central processors, and/or one or more specialized processors dedicated to specific tasks.

Communications system 1612 communicatively links output system 1602, input system 1604, memory system 1606, processor system 1608, and/or input/output system 1614 to each other. Communications system 1612 may include machine-readable media such as any one of, some of, any combination of, or all of electrical cables, fiber optic cables, long term and/or short term storage (e.g., for sharing data) and/or means of sending signals through air (e.g., wireless communications), for example. Some examples of means of sending signals through air include systems for transmitting electromagnetic waves such as infrared and/or radio waves and/or systems for sending sound waves.

Input/output system 1614 may include devices that have the dual function as input and output devices. For example, input/output system 1614 may include one or more touch sensitive display screens, which display an image and therefore are an output device and accept input when the screens are pressed by a finger or stylus, for example. The touch sensitive screens may be sensitive to heat and/or pressure. One or more of the input/output devices may be sensitive to a voltage or current produced by a stylus, for example. Input/output system 1614 is optional, and may be used in addition to or in place of output system 1602 and/or input device 1604.

FIG. 17 shows a block diagram of an example of memory 1606. Memory 1606 may include optional operating system 1702, encryption instructions 1704, and passcode 1706. In other embodiments system memory 1606 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Memory 1606 may contain optional operating system 1702. Some examples of optional operating system 1702 are Linux, Unix, Windows, and DOS. However, any other operating system may be used instead, including specialized operating systems such as for cell phones, video game players, other hand held devices, or any other operating system.

Encryption instructions 1704 may cause unsecured system 1600 to encrypt and/or decrypt items. Encryption instructions 1704 may be an embodiment of encryption instructions 1528. In an embodiment, encryption instructions 1704 will only perform encryption and/or decryption if requested by secure module 1502 and/or if secure module sends one of encryption keys 1522, thereby granting permission for the encryption to take place.

Passcode 1706 is stored by unsecured system 1600 and is used to authenticate a request for encoding and/or decoding an item. In an embodiment, passcode 1706 is generated by secure module 1502, sent to unsecured system 1526, and then stored at unsecured system 1526 for authentication of a later request for encrypting and/or decrypting data. When it is desired to encrypt or decrypt data, passcode 1706 is sent back to secure module 1502, and secure module 1502 determines whether passcode 1706 was the passcode supplied earlier. If passcode 1706 is the earlier supplied passcode, secure module 1502 sends one of encryption keys 1522, which encryption instructions 1704 use to encrypt the desired data. In another embodiment, passcode 1706 is not used at all.

In still another embodiment, the key IQ is encrypted before it is sent from secure module 1502 to unsecured system 1526. In some encryption schemes, passcode 1706 may be used as an encryption key to encrypt key K_(d). For example, if passcode 1706 is 256 bits, then AES 256 bit encryption could use passcode 1706 as the key and encrypt key K_(d), denoted as E(K_(d)). Then E(K_(d)) is transmitted to unsecured system 1526, where the unsecured system 1526 executes a AES 256 bit decryption code, and its copy of passcode 1706 to decrypt E(K_(d)) so that the unsecured system 1526 has possession of key K_(d). Other encryption methods may also be used to securely transmit Kd from secure module 1502 to unsecured system 1526, such as DES, Blowfish, or RSA.

Throughout this specification, other embodiments may be obtained by replacing encryption instructions 1704 with instructions to perform a task, and replace any discussion of encryption instructions 1704 performing encryption or decryption with the instructions performing that task.

FIG. 18 shows an example of an embodiment of a secure system 1800. Secure system 1800 includes secure module 1802, computer 1804 having input system 1806 and output system 1808. Secure system 1800 also includes system 1810, network 1812, and system 1814. In other embodiments secure system 1800 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Secure system 1800 illustrates some of the variations of the manners of implementing system 1500. Secure module 1802 is one embodiment of secure module 1502. Secure module 1802 is capable of being plugged into and communicating with computer 1804 or with other systems via computer 1804. Secure module 1802 may communicate wirelessly with computer 1804 in addition to, or instead of, being capable of being plugged into computer 1804. A user may use input system 1806 and output system 1808 to communicate with secure module 1502.

Computer 1804 is directly connected to system 1810, and is connected, via network 1812, to system 1814. Network 1812 may be any one or any combination of one or more Local Area Networks (LANs), Wide Area Networks (WANs), wireless networks, telephones networks, and/or other networks. Unsecured system 1626 may be any of, a part of any of, or any combination of any of computer 1804, system 1810, network 1812, and/or system 1814. As an example, unsecured system 1526 and encryption instructions 1528 may be located on computer 1804. As yet another example, unsecured system 1526 and encryption instructions 1528 may both be located on system 1814 or may both be located on system 1810.

FIG. 19 shows one example of a secure module 1900, which may include sensor 1902, cover 1904, and interface 1906. In other embodiments, secure module 1900 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Secure module 1900 is an example of secure module 1502 or 1802. Sensor 1902 may be a mechanism of acquiring fingerprints, and is an example of acquisition mechanism 1504. Cover 1904 may be a cover for covering sensor 1902, and for protecting sensor 1902 when sensor 1902 is not in use. Cover 1904 may swing open, slide open, and/or snap off and on. Interface 1906 is an example of interface 1524, and is for connecting with an electronic device, such as a computer. Interface 1906 may be a USB port or may be replaced with an RS 232 connection, a wireless connection using RFID, a serial port or any of a number of other types of connections.

FIG. 20 shows an example of a secure module 2000. Secure module 2000 includes display 2002, sensor 2004, and cover 2006. In other embodiments secure module 2000 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Secure module 2000 is an embodiment of secure module 1502. Secure module 2000 may be used instead of secure module 1802 in FIG. 18. Display 2002 displays passcodes and/or encryption keys, and is an example of interface 1524. Display 2002 is an interface with which the user interacts with secure module 1502, and may be used for transferring the passcode or encryption key to unsecured system 1526. Optionally, secure module 2000 may also include a transmitter for transmitting the passcode or encryption key via radio waves, light pulses, and/or sound, for example, as part of interface 1524. Sensor 2004 is an example of acquisition mechanism 1504, and maybe for acquiring fingerprints and/or images of other parts of the body of the user. The user may swipe her or his finger over sensor 2004. In response, display 2002 may display a passcode and/or encryption key that is only good for one use. The user reads the passcode or encryption key and causes the passcode and/or encryption key to be submitted to unsecured system 1526. Cover 2006 slides over the portion of secure module 2000 having sensor 2004 to protect sensor 2004 from damage when not in use.

FIG. 21 shows an example of a secure module 2100, which may include display 2102, keypad 2104, and sensor 2106. In other embodiments secure module 2100 may not have all of the components listed above or may have other components instead of and/or in addition to those listed above.

Secure module 2100 is an example of secure module 1502 (FIG. 15), which may be used instead of secure module 1802 in FIG. 18. Display 2102 is an example of interface 1524, and may display passcodes, encryption keys, status information, instructions, replies to commands, for example. Optionally, secure module 2100 may also include a transmitter for transmitting the passcode or encryption key via radio waves, light pulses, and/or sound, for example, as part of interface 1524. Keypad 2104 is for entering user information and commands, for example, and may be part of acquisition mechanism 1504. Sensor 2106 may be for acquiring fingerprints and/or images of other parts of the body of the user, and is also part of acquisition mechanism 1504. Having both keypad 2104 and sensor 2106 allows secure module 2100 to be configured to require that the user enter identifying information, such as social security number and birthday, in addition to the user data acquired via sensor 2106.

Any one of, or any combination of, secure modules 2000 and 2100 maybe used in place of, or in addition to, secure module 1802 within secure system 1800, for example. Secure modules 1802, 1900, 2000, and 2100 are just a few examples of the many embodiments of secure module 1502.

FIG. 22 is a flowchart of an example of a method 2200 for assembling secure module 1502. In step 2202, secure area 1506 (FIG. 15) is assembled, which may include installing memory 1510 onto encryption key circuitry 1508. In step 2204, the acquisition mechanism 1504 (FIG. 15) is coupled to the secure area 1506. In step 2206, interface 1524 (FIG. 15) is coupled to secure area 1506. In step 2208, instructions 1512 and/or other instructions are installed. In step 2210, secure area 1506, acquisition mechanism 1504, and interface 1524 are enclosed within a housing that is small enough to fit within a user's hand (e.g., shorter than a typical pen and no more than a two or three times wider than a typical pen). For example, the housing may be 2 to 6 inches long and less than a half inch in diameter. The secure module 1502 may be of a size that is comparable to a thumb print. In other words, secure module 1502 only needs to be large enough to accept user information. In embodiments where the user information is fingerprints, the secure module 1502 could be the size of a portion of a thumb large enough to capture a thumb print during a swipe, for example. In embodiments where acquisition mechanism 1504 is a camera, secure module 1502 does not need to be much larger than a small camera. In an embodiment, secure module 1502 is less than 6 inches, less than 2 inches, less than an inch, or less than a centimeter in size.

In step 2210, encryption instructions 1528 are installed on unsecured system 1526. Step 2210 may be performed at any time with respect to steps 2202-2208. In other embodiments method 2200 may not have all of the steps listed above or may have other steps instead of and/or in addition to those listed above. Additionally, the steps of method 2200 may be performed in other orders, may not be distinct steps, and/or many of the steps may be performed concurrently with one another. Additionally the steps of method 2200 may not be distinct steps.

FIG. 23 shows a flowchart of an example of a method 2300 of setting up system 1500. During method 2300 in step 2304 user data is acquired. Acquiring user data may involve a user entering data and/or acquisition mechanism 1504 sensing biometric information. Step 2304 may also involve encryption key circuitry 1508 executing acquire data 1514 and store user data 1518, thereby causing encryption key circuitry 1508 to transfer the user data from acquisition mechanism 1504 to memory 1510 and store the user data at memory 1510.

In step 2306, the acquired user data is passed, inside of the secure module 1502, to a one-way hash function or another type of one-way method of encoding user data. In step 2308, generate encryption keys 1523 is executed, and the one-way method generates an encryption key, K_(d). In step 2310, on secure module 1502, the encryption key, K_(d) is passed to a one-way hash function or another type of one way method Φ. In step 2312, the value P_(d)=Φ(K_(d)), a passcode, is computed on secure module 1502 and subsequently, in step 2314, passcode P_(d) is transmitted to unsecured system 1526. In step 2316, unsecured system 1526 stores passcode P_(d). If an intruder finds passcode P_(d) on unsecured system 1526, the information obtained from passcode P_(d) is not helpful to the intruder, because the inverse of the encoding function, Φ⁻¹ is computationally difficult to compute.

Steps 2302-2314 may involve executing other instructions of instructions 1512 in addition to, or instead of, those that appear in FIG. 15. Step 2210 could be performed as part of method 2300 instead of as part of method 2200. Other embodiments may not include all of the above steps and/or may include other steps in addition to or instead of those listed in method 2300. Additionally the steps listed in method 2300 may not be distinct steps.

FIG. 24 shows a flowchart of an example of a method 2400 for encrypting or decrypting data. In step 2402, encryption key circuitry 1508 makes a request to the unsecured system 1526 to encrypt or decrypt some data. The request may be in response to a user entering user data (e.g., the user scanning a fingerprint into authentication mechanism 1504), and the user data being authenticated. In step 2404, unsecured system 1526 sends the passcode P_(d) to the secure module 1502. In step 2406, secure module 1502 authenticates the unsecured system 1526, by checking whether passcode P_(d) is correct. If passcode P_(d) is not correct, then in step 2407 method 2400 is terminated. Consequently, encryption key K_(d) is not passed to unsecured system 1526. The reason for not passing encryption key K_(d) is because it is expected that an intruder program is running and attempting to perform the encryption or decryption.

Returning to step 2406, if passcode P_(d) is correct, then in step 2408 secure module 1502 retrieves encryption key K_(d) from memory 1510 (e.g., flash memory) and transmits encryption key K_(d) to unsecured system 1526. In another embodiment, step 2408 may involve encrypting encryption key K_(d) before sending encryption key K_(d) from secure module 1502 to unsecured system 1526. For example, passcode 1706 may be used as an encryption key to encrypt encryption key K_(d). If passcode 1706 is 1656 bits, then AES 256 bit encryption could use passcode 1706 as the encryption key and encrypt encryption key K_(d). The encrypted encryption key may be denoted by E(K_(d)). Then the encrypted encryption E(K_(d)) is transmitted to unsecured system 1526.

In step 2410, unsecured system 1526 receives (e.g., accepts) encryption key K_(d). Receiving encryption key IQ, may involve receiving encrypted encryption key E(K_(d)). Additionally, step 2410 may involve unsecured system 1526 executing an AES 256 bit decryption code, using the copy of passcode 1706 stored at unsecured system 1526 to decrypt E(K_(d)) so that unsecured system 1526 has possession of key K_(d). Other encryption methods may also be used to securely transmit K_(d) from secure module 1502 to unsecured system 1526, such as DES, Blowfish, or RSA.

In step 2412, unsecured system 1526 uses encryption key K_(d) to encrypt or decrypt the data. In step 2414, encryption key K_(d) is discarded. Encryption key IQ is not stored on unsecured system 1526; encryption key K_(d) only remains in the volatile memory of unsecured system 1526 for a brief period of time. Immediately, after the encryption or decryption process is finished making use of encryption key K_(d), the volatile memory, which contains encryption key K_(d), is erased. Encryption key K_(d) may be erased using any of several methods. For example, a value containing no information, such as the number 0, written at the one or more memory locations where encryption key K_(d) was located. As another example, a value containing information that is unrelated to encryption key K_(d) is written in the location where encryption key K_(d) was located. Since encryption key K_(d) is in the unsecured system 1526, which is not secure, for only a short while, it is difficult for an intruder to copy encryption key K_(d). Other embodiments may not include all of the above steps and/or may include other steps in addition to or instead of those listed in method 2400. Additionally the steps listed in method 2400 may not be distinct steps.

Regarding FIGS. 25-26C, a key, combination or access code is no longer necessary. Consequently, there is no combination number, access code or key to steal. Further, there is no longer the problem of forgetting the combination number, the access code or losing the key.

A second advantage is that a traditional tumbler is no longer required. This greatly simplifies the lock mechanism, and reduces the size and weight of the product.

A third advantage is that it is difficult to forge someone's biometric attributes, such as a fingerprint, because every person has a unique genetic code. With traditional locking mechanisms, however, a locksmith or sophisticated thief is able to pick a lock.

A fourth advantage is that if an unauthorized user attempts to break in, FPALM records the fingerprint, enabling the user to apprehend the thief. This record of the fingerprint also helps to prevent fraud or theft.

The fingerprint authentication lock mechanism, FPALM, is part of a device whose purpose is to control access to a level appropriate to its functionality. When built into a padlock, for example, FPALM uses fingerprint identification and matching techniques to determine which individuals are authorized to unlock it. FIG. 26 shows the lock mechanism and its interface with the power supply and with the processor, which executes the fingerprint recognition software. Overall, FPALM is comprised of three components: 1) a fingerprint recognition system, 2) a power supply, and 3) a lock mechanism.

In FIG. 25, the fingerprint sensor, processor, and memory comprise the hardware of FPALM. The sensor, processor, and memory together may be integrated into a single chip, or their functions may be separated into two or more chips. The fingerprint sensor scans the fingerprint of a “lock administrator” and the fingerprint, or a representation of it, is stored in long-term memory while in setup mode. Long-term memory allows the system to maintain a digital representation of the fingerprint even if the power supply shuts off, fails or is removed. Only the lock administrator, using his own fingerprint, may authorize the addition or removal of subsequent fingerprints to the database. If necessary, the lock administrator may remove his own fingerprint(s) from the database and reassign the role of lock administrator to someone else who must then scan their fingerprint into the device during setup. The number of fingerprints that the lock administrator may add to the database is limited only by the amount of available memory. Thus, the database may consist of one fingerprint, or up to ten thousand or more.

Once the database has been created during setup mode, subsequent finger scans are not stored into the database, but rather are stored temporarily (active use mode). The fingerprint need only be stored in temporary memory for as long as it takes to determine whether or not there is a match in the database. If the current fingerprint scanned matches one of those in the database, access is granted. In the case of the padlock, for example, the device will unlock. Specifically, a solenoid is triggered, which opens the lock mechanism. The lock mechanism is discussed in further detail in Section 4.

Another component of the Fingerprint Recognition System is the software. The software executes the functionality mentioned in the previous two paragraphs. In further detail, the software includes fingerprint minutia, comparison, template, and matching algorithms. The software may also include encryption algorithms for additional security.

Using mathematical measurements and invariants, the fingerprint algorithms extract many important, unique features from a user's fingerprint. The extracted features enable the matching algorithms to uniquely distinguish this user from different users. In other words, the matching algorithms prevent an unauthorized user from gaining access. Similarly, the matching algorithms grant access to an authorized user. The unique, extracted features and their locations in the fingerprint comprise a fingerprint template. The fingerprint template is stored in long-term memory.

The encryption algorithms encrypt and compress the fingerprint template, before storing it in long-term memory. The fingerprint template is stored in a format that is unaccessible and unreadable to anyone to prevent the following scenario. If the digital data in long-term memory is unencrypted, a thief or hacker could remove the memory hardware from our product and copy the fingerprint templates stored in memory. The thief or hacker could possibly use the stolen fingerprint templates to break into someone's bank account, for example, or steal their identity.

Because our fingerprint data in long-term memory is encrypted, a thief or hacker is unable to neither use the data nor exploit it. Overall, encryption of the fingerprint templates is important because it prevents fraud, theft and other crimes in areas outside our own products.

FPALM may incorporate any number of different power supply systems comprised of, but not limited to, direct current, disposable or rechargeable batteries, solar cell, fuel cell, and spring dynamo. Our preferred power supply has a mechanical interface of a button, dial or a lever. (Alternatively, the mechanical motion of the lock shaft is used to generate energy.) The user pushes the button, rotates the dial, or turns the lever, which creates mechanical energy. This mechanical energy may be stored for later use in a battery, capacitor, or spring, or it may be used immediately. Using gears, this mechanical energy turns a simple motor, which converts the mechanical energy to electrical energy. The electrical energy powers the solenoid, processor, and sensor. This preferred method creates a fully portable, indefinite power supply with no replacement of parts.

An activation system helps determine how to use power efficiently. The mechanism is activated through the operation of a button, lever, or other mechanical means operated by the individual. Once activated, enough power is supplied to the mechanism to scan the fingerprint, store it to the database, or store it temporarily to determine whether or not there is a match. In the padlock example, if a match exists, the lock will open. The entire process described above takes less than a few seconds. Thus, the mechanism need only maintain a certain power level long enough for the finger to be placed over the sensor to be scanned, after which the mechanism immediately reverts back to standby mode.

The lock mechanism is the electro-mechanical apparatus for opening and closing the lock. The lock mechanism, along with the processor, solenoid, and memory, is housed inside of a secure, tamperproof enclosure.

The electronic component of the lock mechanism is the solenoid. The solenoid has two states: open and closed. When the solenoid is in a closed state, the rod protruding from the solenoid is extended, so the lock shaft is unable to move. When the solenoid is an open state, the rod protruding from the solenoid is retracted in FIG. 26A and FIG. 26B.

There are multiple methods of designing the rod and the lock shaft. These methods depend on the size, weight, price and security required of the application. FIG. 26A shows a rod with a triangular shaped end. FIG. 26B shows a rod with a rounded, tapered end. The tapered rod, when fully extended, passes all the way thru the lock shaft, as shown in FIG. 26B and FIG. 26C.

Together with the fingerprint authentication system, the activation system, and the power supply, the lock mechanism completes the fundamental innovative design of the FPALM.

Regarding FIGS. 27-33, with FPALM II, a key, combination or access code is no longer necessary. There is no combination number, access code or key to steal. Further, there is no longer the problem of forgetting the combination number, the access code or losing the key.

A second advantage is that a traditional lock tumbler is no longer required. This greatly simplifies the lock mechanism, and can reduce the size and weight of the product.

A third advantage is that it is virtually impossible to forge someone's biometric attributes, such as a fingerprint, because every person has a unique genetic code. With traditional locking mechanisms, however, a locksmith or sophisticated thief is able to pick a lock relatively easily.

A fourth advantage is that if an unauthorized user attempts to break in, FPALM II can record the unauthorized fingerprint, enabling the user to identify and eventually apprehend the perpetrator. This record of the fingerprint also serves as a psychological deterrent to fraud or theft.

The fingerprint authentication lock mechanism, FPALM II, is part of a device whose purpose is to control access to a level appropriate to its functionality. When built into a padlock, for example, FPALM II uses fingerprint identification and matching techniques to determine which individuals are authorized to unlock it. Overall, FPALM II is comprised of three basic components: 1) a fingerprint authentication system, 2) a power supply, and 3) a lock mechanism. These components are shown in FIG. 25.

In FIG. 25, the fingerprint sensor, processor, and memory comprise the primary electronic hardware of FPALM II. The sensor, processor, and memory together may be integrated into a single chip, or their functions may be separated into two or more chips. The fingerprint sensor scans the fingerprint of a “lock administrator” and the fingerprint, or a representation of it, is stored in long-term memory while in “setup mode.” Long-term memory allows the system to maintain a digital representation of the authorized user(s) fingerprint(s) even if the power supply shuts off, fails or is removed. Only the lock administrator, using his own fingerprint, may authorize the addition or removal of subsequent fingerprints to the database. Users who are added to the database by the lock administrator do not possess this capability. If necessary, the lock administrator may remove his own fingerprint(s) from the database and reassign the role of lock administrator to someone else who must then scan their fingerprint into the device during setup mode. The number of fingerprints that the lock administrator may add to the database is limited only by the amount of available memory. Thus, the database may consist of one fingerprint, or up to ten thousand fingerprints or more.

Once the database has been created during setup mode, subsequent finger scans can then be stored temporarily (active use mode) and compared against those in the database. The fingerprint need only be stored in temporary memory for as long as it takes to determine whether or not there is a match in the database. If the current fingerprint scanned matches one of those in the database, access is granted. In the case of the padlock, for example, the device will unlock. In other words, if there is a match, the software will send a signal to the mechanical components to open the lock mechanism. The lock mechanism is discussed in further detail in Section 4.

Another component of the Fingerprint Authentication System is the software. The software executes the functionality mentioned in the previous two paragraphs. In further detail, the software includes fingerprint minutia identification, template, and matching algorithms. The software may also include encryption algorithms for additional security. Using mathematical measurements and invariants, the fingerprint minutia algorithm extracts many important, unique features from a user's fingerprint. The extracted minutiae enable the matching algorithms to uniquely distinguish this user from other users. In other words, the matching algorithm prevents an unauthorized user from gaining access while granting access to an authorized user. The unique, extracted minutiae and their locations within the fingerprint comprise a fingerprint template. The fingerprint template is stored in long-term memory.

Encryption of the templates is an optional higher level of security. The encryption algorithms encrypt and compress each fingerprint template before storing it in long-term memory. It is impossible to reconstruct the fingerprint image from a stored template. Thus, even if the digital data were somehow removed or extracted from the product, a potential thief or hacker would not be able to use the stolen fingerprint templates to break into someone's bank account, for example, or steal someone's identity through some other means external to the original product.

The mechanism may incorporate any number of different power supply systems comprised of, but not limited to, direct current or AC current, disposable or rechargeable batteries, solar cells, fuel cells, and/or spring dynamos. We have four primary methods of substantially prolonging the life of the power supply, when the product is portable:

1.) Lock Shaft Current Generator. The mechanical motion of the lock shaft, pushes a coil of wire through a magnetic field, or vice versa, pushes a magnet through a coil of wire to generate electrical current to recharge the power supply. (Refer to FIG. 27.)

2.) Magnetic Current Generator. The kinetic energy obtained from the movement of the device itself is used to wind a spring, similar to a self-winding watch, or move a magnet through a coil of wire to generate electricity. (Refer to FIG. 28.)

3.) User-Activated Current Generator. A third method recharges the power supply by means of a user-activated physical interface such as a button, dial, or lever. The preferable way to generate power is for the button, dial or lever to turn a motor.

4.) Activation System. A fourth method helps determine how to use power most efficiently, by means of an activation system. The mechanism may be activated automatically the moment a user touches the device, as some fingerprint sensors contain this capability. Alternatively, the system may be activated through traditional mechanical means, such as the operation of a button, lever, or other mechanical means operated by the individual. Once activated, enough power is supplied to the mechanism to scan the fingerprint, store the fingerprint template to the database, or store the fingerprint template temporarily to determine whether or not there is a match found in the database. In the padlock example, if a match exists, the lock will open. The entire process described above takes less than a few seconds. Thus, the mechanism need only maintain a certain power level long enough for the finger to be scanned, after which the mechanism immediately reverts back to standby or idle mode. Virtually zero power will be used when the device is not in active use.

The lock mechanism is the electro-mechanical apparatus for opening and closing a lock. The lock mechanism, along with the processor and memory, is housed inside of a secure, tamperproof enclosure. This lock mechanism may be applied to a wide variety of portable and non-portable lock products: auto locks, bike locks, door locks, gun and other weapon locks, luggage locks, purse locks, safe locks, school and gym lockers, ski locks, and padlocks. An implementation of this lock mechanism applied to the padlock is shown in FIG. 29.

The electronic component of the lock mechanism is the motor. The motor controls two states: open and closed. The motor turns the lock cylinder, which is threaded, similar to the threads of a screw. By turning the lock cylinder, the lock cylinder protrudes into the cavity of the lock shaft to achieve a closed state, whereby the lock shaft is unable to move. Similarly, when the motor turns the lock shaft in the opposite direction, the lock cylinder retracts from the lock shaft cavity to achieve an open state, thereby enabling the user to open the device. (Refer to FIGS. 30, 30A, 31, 31A, and 32.)

An alternative implementation of our lock mechanism is to use a cam. When the motor turns, it rotates a cam. When a lobe of the cam presses against the lock cylinder, the lock cylinder protrudes into the cavity of the lock shaft to achieve a locked state. When the narrower part of the cam presses against the lock cylinder, the lock is in an unlocked state. (Refer to FIG. 33.)

Regarding FIGS. 25-33, the padlock example is the simplest product application of the FPALM and FPALM II. Other examples include, but are not limited, to the following product categories:

1. General Purpose Security: Door Locks, Padlocks, Bike Locks, Steering Wheel Locks, Lockboxes, Home Safes

2. Law Enforcement & Civilian Defense: Handguns, Rifles, Pepper Spray Dispensers, Mace Dispensers, Stun Guns

3. Home Hazard Safety: Hazardous Power Tools, Stovetops, Prescription Jars, Medicine Cabinets, Tool Cabinets, Electrical Outlets

4. Travel: Luggage, Briefcases, Carry-On Bags

5. Office & Commercial: Desk Drawers, File Cabinets, Cash Registers

6. Rental Space: Post Office Box Rental, Locker Rental, Storage Garage Rental

Each of the above embodiments may be used separately from one another in combination with any of the other embodiments. All of the above embodiments may be used together. For example, the different embodiments of passcode device 101 and administrators 102 may all be used in the same system 100. Similarly, the different aspects of each component may be used together or separately. For example, a passcode device 101 may include any one or any combination of no operating system, a secure area, embedded software, and/or being configured to function as a standalone device.

Any of the various embodiments described above may be used separately or in any combination together with one another. The various features of each of the embodiments may be interchanged with one another to get new embodiments.

Although the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the true spirit and scope of the invention. In addition, modifications may be made without departing from the essential teachings of the invention. 

The invention claimed is:
 1. A machine-implemented method for using non-determinism to generate a secure code comprising: acquiring, by a sensor of a system, identifying information from a user, the system including at least a machine having at least a processor system having at least one processor, the sensor, and a memory system; acquiring, by the system, with the identifying information, entropic data generated during an action associated with the acquiring of the identifying information; at least temporarily storing in the memory the identifying information with the entropic data; and generating, by the system, a secure code based on the identifying information and the entropic data extracted during the action executed by the system; wherein the secure code is generated, by the system, base on random, non-deterministic input that includes the entropic data, the entropic data includes data that is (1) generated by randomness associated with a physical process associated with the acquiring of the identifying information and not randomness generated by an algorithm and (2) dependent on a configuration of the user with respect to the sensor, and an environment while acquiring the identifying information.
 2. A machine-implemented method for using non-determinism to generate an encryption key comprising: acquiring, by a biometric sensor of a system, identifying information from a user, the system including at least a machine having at least a processor system having at least one processor, the biometric sensor, and a memory system; acquiring, by the biometric sensor, entropic data generated during the acquiring of the identifying information from the user; at least temporarily storing the identifying information acquired with the entropic data; and generating, by the processor system, an encryption key based on the identifying information and the entropic data extracted during the acquiring of the identifying information from the user by the biometric sensor, wherein the entropic data includes data from non-deterministic input that is (1) generated by randomness associated with a physical process associated with the acquiring of the identifying information as opposed to randomness generated by an algorithm and (2) dependent on a configuration of the user with respect to the sensor, and environment while acquiring the identifying information.
 3. The method of claim 1, further comprising: measuring, by the system, a fluctuation in a quantum state associated with the system, generating, by the processor, a random string based on the measuring of the fluctuation in the quantum state associated with the system, wherein the non-deterministic input results from quantum phenomena in the physical process which results in true randomness that is not generated by an algorithm.
 4. The method of claim 2, further comprising: measuring, by the system, a fluctuation in a quantum state associated with the system, generating, by the processor, a random string based on the measuring of the fluctuation in the quantum state associated with the system, wherein the non-deterministic input is derived from quantum phenomena in the physical process which results in true randomness that is not generated by an algorithm.
 5. The method of claim 1, further comprising generating a registration code or passcode generator by applying a one-way function to the non-deterministic input.
 6. The method of claim 2, further comprising generating a key by applying a one-way method to the non-deterministic input.
 7. The method of claim 1, wherein the non-deterministic input is based on biometric information.
 8. The method of claim 2, wherein the non-deterministic input is based on biometric information acquired by the biometric sensor.
 9. The method of claim 3, wherein the sensor is an optical sensor, the method further comprising: as part of acquiring the identifying information, measuring, by the optical sensor of the system, an optical state associated with the system, the optical state having a measurable quantum mechanical probability of being in any of a plurality of states; and the generating including generating, by the processor system, a random string based on the measuring of the optical state, wherein the quantum phenomena is an optical phenomena with a quantum nature.
 10. The method of claim 4, wherein the quantum phenomena is radioactive decay.
 11. The method of claim 1, wherein some of the non-deterministic input is derived from a device of the system.
 12. The method of claim 2, wherein some of the non-deterministic input is derived from a device of the system.
 13. A machine implemented method comprising: generating a registration code or passcode based on non-deterministic data derived from a system including a mobile phone, the system including at least a processor system having at least one processor, a biometric sensor, and a memory system, the memory system storing identifying information from the user; the generating of the registration code or passcode including by at least generating, by the system, a code value based on identifying information and entropic data extracted during the action executed by the system; wherein the code value is generated, by the system, based on random, non-deterministic input that includes the entropic data, the entropic data includes data that is (1) generated by randomness associated with a physical process associated with acquiring the identifying information and not randomness generated by an algorithm and (2) dependent on a configuration of the user with respect to the sensor, and an environment while acquiring of the identifying information.
 14. The method of claim 12, wherein non-deterministic input is derived from a chip inside the device of the system.
 15. The method of claim 12, wherein the device is a smart card of the system.
 16. The method of claim 3, wherein the quantum phenomena is derived from quantum effects in a silicon chip of the system.
 17. The method of claim 4, wherein the quantum phenomena is derived from quantum effects in a silicon chip of the system.
 18. The method of claim 1, further comprising: wherein the non-deterministic input results from unpredictable effects on the acquiring of the identifying information from heat, light, sound, moisture, conductance, density, gravity, or acceleration while acquiring the identifying information.
 19. The method of claim 2, further comprising: wherein the non-deterministic input results from heat, light, sound, moisture, conductance, density, gravity or acceleration while acquiring the identifying information.
 20. The method of claim 12, wherein the device is a mobile phone.
 21. The method of claim 2, wherein the extracted entropic data is acquired with images acquired by a fingerprint sensor. 